[ubuntu/xenial-updates] wireshark 2.6.3-1~ubuntu16.04.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Oct 15 15:28:20 UTC 2018

wireshark (2.6.3-1~ubuntu16.04.1) xenial-security; urgency=medium

  * No change rebuild for the -security pocket

wireshark (2.6.3-1~16.04.0) xenial-security; urgency=medium

  * Rebuild for Xenial to fix multiple CVEs (LP: #1793091)

wireshark (2.6.3-1) unstable; urgency=medium

  * Use GLX extension in autopkgtest, Qt needs it
  * New upstream version 2.6.3
    - release notes:
    - security fixes:
      - Bluetooth AVDTP dissector crash. (CVE-2018-16058)
      - Bluetooth Attribute Protocol dissector crash. (CVE-2018-16056)
      - Radiotap dissector crash. (CVE-2018-16057)
  * Refresh patches
  * Update symbols

wireshark (2.6.2-2) unstable; urgency=medium

  * Add missing autopkgtest dependencies (Closes: #904920)
  * Use automatic xvfb server number in tests
  * Add Lintian override for extra patch for backporting

wireshark (2.6.2-1) unstable; urgency=medium

  * Fix shipping README.Debian (Closes: #903722)
  * Drop unused 06_release-version.patch.
  * Drop unused backport-to-qt4.patch.
  * Refresh backport-to-old-gnutls.patch.
  * Skip building users and developers guide on Trusty.
    Asciidoctor does not accept --require option there and breaks the build
    and people can read documentation on more recent releases if they wish to.
  * Add autopkgtest for testing starting GUI.
  * New upstream release
    - release notes:
    - security fixes:
      - BGP dissector large loop (CVE-2018-14342)
      - ISMP dissector crash (CVE-2018-14344)
      - Multiple dissectors could crash (CVE-2018-14340)
      - ASN.1 BER dissector crash (CVE-2018-14343)
      - MMSE dissector infinite loop (CVE-2018-14339)
      - DICOM dissector crash (CVE-2018-14341)
      - Bazaar dissector infinite loop (CVE-2018-14368)
      - HTTP2 dissector crash (CVE-2018-14369)
      - CoAP dissector crash (CVE-2018-14367)
  * Drop patches fixing shared library names, they are fixed upstream
  * Refresh patches
  * Update symbols files

wireshark (2.6.1-1) unstable; urgency=medium

  [ Balint Reczey ]
  * New upstream release
    - release notes:
    - security fixes (Closes: #900708):
      - The LDSS dissector could crash. (CVE-2018-11362)
      - The IEEE 1905.1a dissector could crash. (CVE-2018-11354)
      - The RTCP dissector could crash. (CVE-2018-11355)
      - Multiple dissectors could consume excessive memory. (CVE-2018-11357)
      - The DNS dissector could crash. (CVE-2018-11356)
      - The GSM A DTAP dissector could crash. (CVE-2018-11360)
      - The Q.931 dissector could crash. (CVE-2018-11358)
      - The IEEE 802.11 dissector could crash. (CVE-2018-11361)
      - Multiple dissectors could crash. (CVE-2018-11359)
  * debian/gbp.conf: describe repository layout
  * Update Vcs-{Browser|Git} to point to Salsa
  * Drop packaging changes for ipmap.html since it is also dropped upstream.
  * Refresh patches.
  * Switch to use asciidoctor instead of asciidoc
  * Fix shared library symlink names.
  * Update shared library package names and symbols files.
  * Adjust packaging to upstream file name changes.
  * Ship README.Debian in every binary package.
  * Ship asn2deb and idl2deb documentation.

  [ Peter Wu ]
  * remove imagemagick build dependency and demote xdg-utils deps
    xdg-utils is needed for xdg-open (opening websites) at runtime in GTK+,
    but not for Qt nor during the build, remove it or mark it as optional.
  * debian/rules: Skip installing icons and .desktop files.
    They are now installed by CMake

  [ Gerald Combs ]
  * Transition from GeoIP Legacy to MaxMindDB.
    MaxMind is discontinuing its legacy databases in April in favor of
    GeoIP2, which uses a newer database format (MaxMind DB). The reference C
    library (libmaxminddb) is available under the Apache 2.0 license which
    isn't quite compatible with ours.

  [ Guy Harris ]
  * Give more detailed information about capture permissions on Debian.
    Indicate what you're supposed to do when running dpkg-reconfigure
    wireshark-common, and indicate that you have to run it as root using
    Emphasize in README.Debian, and indicate in the permission failure
    secondary message, that you have to add users to the "wireshark" group
    after doing that, and that a user may have to log out and log in again
    to make this change take effect.

wireshark (2.4.6-1) unstable; urgency=medium

  [ Yuri Kozlov ]
  * Updated Russian translation for debconf messages (Closes: #892902)

  [ Balint Reczey ]
  * New upstream release
    - release notes:
    - security fixes:
      - The MP4 dissector could crash. (CVE-2018-9259)
      - The ADB dissector could crash. (CVE-2018-9264)
      - The IEEE 802.15.4 dissector could crash. ()
      - The NBAP dissector could crash. (CVE-2018-9261)
      - The VLAN dissector could crash. (CVE-2018-9262)
      - The LWAPP dissector could crash. (CVE-2018-9256)
      - The TCP dissector could crash. (CVE-2018-9258)
      - The CQL dissector could go into an infinite loop. (CVE-2018-9257)
      - The Kerberos dissector could crash. (CVE-2018-9263)
      - Multiple dissectors and other modules could leak memory.
        The TN3270 (CVE-2018-9265), ISUP (CVE-2018-9266),
        LAPD (CVE-2018-9267), SMB2 (CVE-2018-9268),
        GIOP (CVE-2018-9269), ASN.1 (CVE-2018-9270),
        MIME multipart (CVE-2018-9271), H.223 (CVE-2018-9272),
        and PCP (CVE-2018-9273) dissectors were susceptible along with
        Wireshark (CVE-2018-9274) and TShark.

wireshark (2.4.5-1) unstable; urgency=medium

  * New upstream release
    - release notes:
    - security fixes:
      - The SIGCOMP dissector could crash (CVE-2018-7320, CVE-2018-7418)
      - Multiple dissectors could go into large infinite loops.
        All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow,
        RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB,
        and WCCP dissectors were susceptible. (CVE-2018-7321, CVE-2018-7322,
        CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326,
        CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330,
        CVE-2018-7331, CVE-2018-7332, CVE-2018-7333)
      - The UMTS MAC dissector could crash (CVE-2018-7334)
      - The IEEE 802.11 dissector could crash (CVE-2018-7335)
      - The FCP dissector could crash (CVE-2018-7336)
      - The DOCSIS dissector could crash (CVE-2018-7337)
      - The IPMI dissector could crash (CVE-2018-7417)
      - The NBAP dissector could crash (CVE-2018-7419)
      - The pcapng file parser could crash (CVE-2018-7420)
  * Only recommend libjs-openlayers (Closes: #888744)

wireshark (2.4.4-1) unstable; urgency=medium

  * New upstream release
    - release notes:
    - security fixes:
      - Multiple dissectors could crash (CVE-2018-5336)
      - The IxVeriWave file parser could crash (CVE-2018-5334)
      - The WCP dissector could crash (CVE-2018-5335)
      - Prior to this release dumpcap enabled the Linux kernel’s BPF JIT
        compiler via the net.core.bpf_jit_enable sysctl. This could make
        systems more vulnerable to Spectre variant 1 (CVE-2017-5753) and
        this feature has been removed (Closes: #886619)
      - There was a potential buffer underflow in File_read_line function
        in epan/wslua/wslua_file.c file (CVE-2017-17935) (Closes: #885831)
  * Update symbols files
  * Fix dh_clean target in debian/rules
  * Change wireshark-doc's priority to optional from extra following Policy

wireshark (2.4.3-1) unstable; urgency=medium

  * Show version info instead of just "Git Rev Unknown from unknown"
  * New upstream release
    - release notes:
    - security fixes:
      - The IWARP_MPA dissector could crash (CVE-2017-17084)
      - The NetBIOS dissector could crash (CVE-2017-17083)
        Discovered by Kamil Frankowicz
      - The CIP Safety dissector could crash (CVE-2017-17085)

wireshark (2.4.2-1) unstable; urgency=medium

  [ Pedro Ribeiro ]
  * Updated Portuguese translation for debconf messages (Closes: #874522)

  [ Balint Reczey ]
  * New upstream release
    - release notes:
    - security fixes:
      - BT ATT dissector crash (CVE-2017-15192)
      - MBIM dissector crash (CVE-2017-15193)
      - DMP dissector crash (CVE-2017-15191)
      - RTSP dissector crash (CVE-2017-15190)
      - DOCSIS infinite loop (CVE-2017-15189)

  [ Helge Kreutzmann ]
  * Updated German translation for debconf messages (Closes: #877636)

  [ Frans Spiesschaert ]
  * Updated Dutch translation for debconf messages (Closes: #877244)

wireshark (2.4.1-1) unstable; urgency=medium

  * New upstream release
    - release notes:
    - security fixes:
      - MSDP dissector infinite loop (CVE-2017-13767)
      - Profinet I/O buffer overrun (CVE-2017-13766)
      - Modbus dissector crash (CVE-2017-13764)
      - IrCOMM dissector buffer overrun (CVE-2017-13765)
  * Refresh patches
  * Drop 0001-Set-libwscodecs.so-s-version-to-1.1.0.patch which is now
    integrated upstream

wireshark (2.4.0-1) unstable; urgency=medium

  * Use debconf messages instead of "echo" in postinst/postrm (LP: #1687344)
  * New upstream release
    - release notes:
    - security fixes:
      - deeply nested DAAP data may cause stack exhaustion
        (uncontrolled recursion) in the dissect_daap_one_tag function
        (CVE-2017-9617) (Closes: #870174)
      - PROFINET IO data with a high recursion depth allows remote
        attackers to cause a denial of service (stack exhaustion)
        in the dissect_IODWriteReq function. (CVE-2017-9766)
        (Closes: #870175)
      - the DOCSIS dissector could go into an infinite loop (CVE-2017-11406)
        (Closes: #870172)
      - the MQ dissector could crash (CVE-2017-11407) (Closes: #870172)
      - the AMQP dissector could crash (CVE-2017-11408) (Closes: #870172)
      - the WBXML dissector could go into an infinite loop, triggered
        by packet injection or a malformed capture file (CVE-2017-11410)
        (Closes: #870180)
      - the openSAFETY dissector could crash or exhaust system memory
        (CVE-2017-11411) (Closes: #870179)
  * Update shared library package names to match new .so versions
  * Refresh patches
  * Drop workaround to use system's nghttp2 since upstream does not
    ship the embedded copy anymore
  * Add build-dependency on libparse-yapp-perl, liblz4-dev, libsnappy-dev,
    libspandsp-dev, libxml2-dev and lynx to enable new upstream features
  * Update PO files about debconf templates

wireshark (2.2.7-1) unstable; urgency=medium

  [ Balint Reczey ]
  * Convert d/copyright to machine readable format
  * Download releases from GitHub excluding upstream's debian/ dir
  * Use my @ubuntu.com email address in Maintainer field
  * New upstream release
    - release notes:
    - security fixes (Closes: #864058):
      - Bazaar dissector infinite loop (CVE-2017-9352)
      - DOF dissector read overflow (CVE-2017-9348)
      - DHCP dissector read overflow (CVE-2017-9351)
      - SoulSeek dissector infinite loop (CVE-2017-9346)
      - DNS dissector infinite loop (CVE-2017-9345)
      - DICOM dissector infinite loop (CVE-2017-9349)
      - openSAFETY dissector memory exhaustion (CVE-2017-9350)
      - BT L2CAP dissector divide by zero (CVE-2017-9344)
      - MSNIP dissector crash (CVE-2017-9343)
      - ROS dissector crash (CVE-2017-9347)
      - RGMP dissector crash (CVE-2017-9354)
      - IPv6 dissector crash (CVE-2017-9353)

  [ Alexander Gerasiov ]
  * Fix pkg-config libdir (Closes: #857729)

Date: 2018-10-15 12:28:19.485014+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Maintainer: Balint Reczey <balint.reczey at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>