Control: tags -1 -moreinfo 2017-03-09 9:27 GMT+01:00 Emilio Pozuelo Monfort <po...@debian.org>: > Control: tags -1 confirmed moreninfo > > On 08/03/17 09:52, Balint Reczey wrote: >> Package: release.debian.org >> Severity: normal >> User: release.debian....@packages.debian.org >> Usertags: unblock >> Tags: patch >> >> Dear Release Team, >> >> I have prepared wireshark 2.2.5+g440fd4d-1 in experimental which fixes >> 9 vulnerabilities and other bugs which are not listed here, just on >> the release notes link. >> >> Changes: >> wireshark (2.2.5+g440fd4d-1) experimental; urgency=medium >> . >> * New upstream release >> - release notes: >> https://www.wireshark.org/docs/relnotes/wireshark-2.2.5.html >> - security fixes: >> - The STANAG 4607 file parser could go into an infinite loop >> (CVE-2017-6014) >> - The NetScaler file parser could go into an infinite loop >> (CVE-2017-6467) >> - The NetScaler file parser could crash (CVE-2017-6468) >> - The LDSS dissector could crash (CVE-2017-6469) >> - The IAX2 dissector could go into an infinite loop >> (CVE-2017-6470) >> - The WSP dissector could go into an infinite loop (CVE-2017-6471) >> - The RTMTP dissector could go into an infinite loop >> (CVE-2017-6472) >> - The K12 file parser could crash (CVE-2017-6473) >> - The NetScaler file parser could go into an infinite loop >> (CVE-2017-6474) >> * Update symbols file for libwireshark8 >> >> I believe wireshark point releases very rarely cause regressions due >> to the heavy testing performed upstream and I think it would be safe >> to upload this point release to unstable and let it migrate to >> testing. >> >> If you wouldn't like to accept the full point release to Stretch I >> will happily backport the security fixes to 2.2.4 and upload that to >> unstable. > > Please go ahead with 2.2.5, and remove the moreinfo tag once it is accepted > and > built on all release architectures.
Accepted and built. Cheers, Balint
