Accepted: wireshark 1.0.0-1 (source)
Ubuntu Installer
archive at ubuntu.com
Thu Apr 3 13:45:49 BST 2008
Accepted:
OK: wireshark_1.0.0.orig.tar.gz
OK: wireshark_1.0.0-1.diff.gz
OK: wireshark_1.0.0-1.dsc
-> Component: universe Section: net
Origin: Debian/unstable
Format: 1.7
Date: Thu, 03 Apr 2008 13:45:15 +0100
Source: wireshark
Binary: wireshark-common, wireshark, tshark, wireshark-dev, ethereal-common, ethereal-dev, ethereal, tethereal
Architecture: source
Version: 1.0.0-1
Distribution: hardy
Urgency: low
Maintainer: Frederic Peters <fpeters at debian.org>
Changed-By: Stephan Hermann <sh at sourcecode.de>
Description:
wireshark - network traffic analyzer
Closes: 117201 172939 369044 452381 468400 472478
Changes:
wireshark (1.0.0-1) unstable; urgency=low
.
* Several security issues were solved in 0.99.7 already:
(closes: #452381)
* allow remote attackers to cause a denial of service (crash) via (1) a
crafted MP3 file or (2) unspecified vectors to the NCP dissector
(CVE-2007-6111)
* Buffer overflow in the PPP dissector Wireshark (formerly Ethereal)
0.99.6 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via unknown vectors.
(CVE-2007-6112)
* Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote
attackers to cause a denial of service (long loop) via a malformed DNP
packet (CVE-2007-6113)
* Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0
through 0.99.6 allow remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via (1) the SSL dissector
or (2) the iSeries (OS/400) Communication trace file parser
(CVE-2007-6114)
* Buffer overflow in the ANSI MAP dissector for Wireshark (formerly
Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms,
allows remote attackers to cause a denial of service and possibly
execute arbitrary code via unknown vectors. (CVE-2007-6115)
* The Firebird/Interbase dissector in Wireshark (formerly Ethereal)
0.99.6 allows remote attackers to cause a denial of service (infinite
loop or crash) via unknown vectors. (CVE-2007-6116)
* Unspecified vulnerability in the HTTP dissector for Wireshark
(formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote
attack vectors related to chunked messages. (CVE-2007-6117)
* The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6
allows remote attackers to cause a denial of service (long loop and
resource consumption) via unknown vectors. (CVE-2007-6118)
* The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows
remote attackers to cause a denial of service (long loop and resource
consumption) via unknown vectors. (CVE-2007-6119)
* The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to
0.99.6 allows remote attackers to cause a denial of service (infinite
loop) via unknown vectors. (CVE-2007-6120)
* Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers
to cause a denial of service (crash) via a malformed RPC Portmap
packet. (CVE-2007-6121)
* current wireshark has SSL support (closes: #172939)
* and H323 support (closes: #117201)
* resizing columns bugfix was applied last year (closes: #369044)
* new upstream release 1.0.0
http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html
* remove debian/ directory from upstream
* update 14_disable-cmip.dpatch.
* if wireshark has no priv, it now prints:
dumpcap: There are no interfaces on which a capture can be done
(closes: #468400)
* wireshark uses su-to-root now (closes: #472478)
* vulnerabilities fixed:
* The X.509sat and other dissector could crash (CVE-2008-1561)
* The LDAP dissector could crash on Windows and other platforms.
(CVE-2008-1562)
* The SCCP dissector could crash while using the "decode as"
feature (CVE-2008-1563)
Files:
8541c018e28eedacb9789cd4381541bb 47800 net optional wireshark_1.0.0-1.diff.gz
f3f3d2211fe8b1f4358cd9250d99abe8 17031038 net optional wireshark_1.0.0.orig.tar.gz
16caefa076423ce9ac9f3a9d3ec5ef68 1123 net optional wireshark_1.0.0-1.dsc
More information about the Hardy-changes
mailing list