Accepted: wireshark 1.0.0-1 (source)

Ubuntu Installer archive at ubuntu.com
Thu Apr 3 13:45:49 BST 2008


Accepted:
 OK: wireshark_1.0.0.orig.tar.gz
 OK: wireshark_1.0.0-1.diff.gz
 OK: wireshark_1.0.0-1.dsc
     -> Component: universe Section: net

Origin: Debian/unstable
Format: 1.7
Date: Thu,  03 Apr 2008 13:45:15 +0100
Source: wireshark
Binary: wireshark-common, wireshark, tshark, wireshark-dev, ethereal-common, ethereal-dev, ethereal, tethereal
Architecture: source
Version: 1.0.0-1
Distribution: hardy
Urgency: low
Maintainer: Frederic Peters <fpeters at debian.org>
Changed-By: Stephan Hermann <sh at sourcecode.de>
Description: 
 wireshark  - network traffic analyzer
Closes: 117201 172939 369044 452381 468400 472478
Changes: 
 wireshark (1.0.0-1) unstable; urgency=low
 .
   * Several security issues were solved in 0.99.7 already:
     (closes: #452381)
     * allow remote attackers to cause a denial of service (crash) via (1) a
       crafted MP3 file or (2) unspecified vectors to the NCP dissector
       (CVE-2007-6111)
     * Buffer overflow in the PPP dissector Wireshark (formerly Ethereal)
       0.99.6 allows remote attackers to cause a denial of service (crash)
       and possibly execute arbitrary code via unknown vectors.
       (CVE-2007-6112)
     * Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote
       attackers to cause a denial of service (long loop) via a malformed DNP
       packet (CVE-2007-6113)
     * Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0
       through 0.99.6 allow remote attackers to cause a denial of service
       (crash) and possibly execute arbitrary code via (1) the SSL dissector
       or (2) the iSeries (OS/400) Communication trace file parser
       (CVE-2007-6114)
     * Buffer overflow in the ANSI MAP dissector for Wireshark (formerly
       Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms,
       allows remote attackers to cause a denial of service and possibly
       execute arbitrary code via unknown vectors. (CVE-2007-6115)
     * The Firebird/Interbase dissector in Wireshark (formerly Ethereal)
       0.99.6 allows remote attackers to cause a denial of service (infinite
       loop or crash) via unknown vectors. (CVE-2007-6116)
     * Unspecified vulnerability in the HTTP dissector for Wireshark
       (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote
       attack vectors related to chunked messages. (CVE-2007-6117)
     * The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6
       allows remote attackers to cause a denial of service (long loop and
       resource consumption) via unknown vectors. (CVE-2007-6118)
     * The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows
       remote attackers to cause a denial of service (long loop and resource
       consumption) via unknown vectors. (CVE-2007-6119)
     * The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to
       0.99.6 allows remote attackers to cause a denial of service (infinite
       loop) via unknown vectors. (CVE-2007-6120)
     * Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers
       to cause a denial of service (crash) via a malformed RPC Portmap
       packet. (CVE-2007-6121)
   * current wireshark has SSL support (closes: #172939)
   * and H323 support (closes: #117201)
   * resizing columns bugfix was applied last year (closes: #369044)
   * new upstream release 1.0.0
     http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html
   * remove debian/ directory from upstream
   * update 14_disable-cmip.dpatch.
   * if wireshark has no priv, it now prints:
       dumpcap: There are no interfaces on which a capture can be done
       (closes: #468400)
   * wireshark uses su-to-root now (closes: #472478)
   * vulnerabilities fixed:
     * The X.509sat and other dissector could crash (CVE-2008-1561)
     * The LDAP dissector could crash on Windows and other platforms.
       (CVE-2008-1562)
     * The SCCP dissector could crash while using the "decode as"
       feature (CVE-2008-1563)
Files: 
 8541c018e28eedacb9789cd4381541bb 47800 net optional wireshark_1.0.0-1.diff.gz
 f3f3d2211fe8b1f4358cd9250d99abe8 17031038 net optional wireshark_1.0.0.orig.tar.gz
 16caefa076423ce9ac9f3a9d3ec5ef68 1123 net optional wireshark_1.0.0-1.dsc





More information about the Hardy-changes mailing list