Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: a28bdc03 by Thorsten Alteholz at 2017-12-30T20:09:04+01:00 follow security team with no-dsa for wireshark CVEs - - - - - fb814126 by Thorsten Alteholz at 2017-12-30T20:09:30+01:00 Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -4,6 +4,7 @@ CVE-2017-17997 (In Wireshark 2.2.11 and before, the MRDISC dissector misuses a N - wireshark 2.4.0-1 [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299 NOTE: https://code.wireshark.org/review/#/c/25063/ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=80a695869c9aef2fb473d9361da068022be7cb50 @@ -578,6 +579,7 @@ CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in Wiresh - wireshark <unfixed> (bug #885831) [stretch] - wireshark <ignored> (Minor issue) [jessie] - wireshark <ignored> (Minor issue) + [wheezy] - wireshark <ignored> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295 NOTE: https://code.wireshark.org/review/#/c/24997/ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1 @@ -15715,6 +15717,7 @@ CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissect - wireshark 2.4.2-1 (low) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056 NOTE: https://code.wireshark.org/review/23537 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afb9ff7982971aba6e42472de0db4c1bedfc641b @@ -15723,6 +15726,7 @@ CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT disse - wireshark 2.4.2-1 (low) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049 NOTE: https://code.wireshark.org/review/23470 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3689dc1db36037436b1616715f9a3f888fc9a0f6 @@ -15731,6 +15735,7 @@ CVE-2017-15191 (In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15 - wireshark 2.4.2-1 (low) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068 NOTE: https://code.wireshark.org/review/23591 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8dbb21dfde14221dab09b6b9c7719b9067c1f06e @@ -15748,6 +15753,7 @@ CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into - wireshark 2.4.2-1 (low) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080 NOTE: https://code.wireshark.org/review/23663 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8 @@ -19982,6 +19988,7 @@ CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSD - wireshark 2.4.1-1 [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html @@ -19998,6 +20005,7 @@ CVE-2017-13765 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrC - wireshark 2.4.1-1 [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94666d4357096fc45e3bcad3d9414a14f0831bc8 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html @@ -20005,6 +20013,7 @@ CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a NULL - wireshark 2.4.1-1 [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-40.html @@ -27010,6 +27019,7 @@ CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML . CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a ...) - wireshark 2.2.0~rc1+g438c022-1 (low) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13603 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=57b83bbbd76f543eb8d108919f13b662910bff9a NOTE: https://www.wireshark.org/security/wnpa-sec-2017-37.html @@ -27027,6 +27037,7 @@ CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissecto - wireshark 2.4.0-1 (low; bug #870172) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4e54dae7f0d7840836ee6d5ce1e688f152ab2978 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html @@ -27034,6 +27045,7 @@ CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS diss - wireshark 2.4.0-1 (bug #870172) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c NOTE: https://www.wireshark.org/security/wnpa-sec-2017-36.html @@ -31607,6 +31619,7 @@ CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth - wireshark 2.4.0-1 (low; bug #870175) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000 CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and ...) @@ -32190,11 +32203,13 @@ CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhau - wireshark 2.4.0-1 (low; bug #870174) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799 CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion ...) - wireshark 2.4.0-1 (low; bug #870173) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777 CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and earlier ...) NOT-FOR-US: Cognito Software Moneyworks @@ -32977,6 +32992,7 @@ CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissect - wireshark 2.2.7-1 (bug #864058) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646 CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was ...) @@ -32990,12 +33006,14 @@ CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar disse - wireshark 2.2.7-1 (low; bug #864058) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-22.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599 CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector ...) - wireshark 2.2.7-1 (low; bug #864058) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-24.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13628 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609 @@ -33003,6 +33021,7 @@ CVE-2017-9350 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY . - wireshark 2.2.7-1 (low; bug #864058) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649 NOTE: When fixing this entry make sure to apply the complete fix and adding @@ -33012,6 +33031,7 @@ CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissec - wireshark 2.2.7-1 (low; bug #864058) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685 CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end ...) @@ -33032,24 +33052,28 @@ CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dis - wireshark 2.2.7-1 (low; bug #864058) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-25.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631 CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector ...) - wireshark 2.2.7-1 (low; bug #864058) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633 CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP ...) - wireshark 2.2.7-1 (low; bug #864058) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701 CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector ...) - wireshark 2.2.7-1 (low; bug #864058) [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-30.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725 CVE-2017-9342 @@ -38183,18 +38207,21 @@ CVE-2017-7749 CVE-2017-7748 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector ...) - wireshark 2.2.6+g32dac6a-1 (low) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-21.html NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581 CVE-2017-7747 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector ...) - wireshark 2.2.6+g32dac6a-1 [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-18.html NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5cfd52d6629cf8a7ab67c6bacd3431a964f43584 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13559 CVE-2017-7746 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector ...) - wireshark 2.2.6+g32dac6a-1 (low) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-19.html NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=58e69cc769dea24b721abd8a29f9eedc11024b7e NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13576 @@ -38317,12 +38344,14 @@ CVE-2017-7704 (In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an . CVE-2017-7703 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector ...) - wireshark 2.2.6+g32dac6a-1 (low) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-12.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13466 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=671e32820ab29d41d712cc8a472eab9b672684d9 CVE-2017-7702 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector ...) - wireshark 2.2.6+g32dac6a-1 (low) [jessie] - wireshark <no-dsa> (Minor issue) + [wheezy] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/171b745acf2fd5ece217f4c38bdf6cb2e8216415...fb814126b8b02da335d2431721ced8b2922b5712 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/171b745acf2fd5ece217f4c38bdf6cb2e8216415...fb814126b8b02da335d2431721ced8b2922b5712 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits