Control: tags -1 moreinfo Hi Ivo,
2017-05-27 22:42 GMT+02:00 Ivo De Decker <iv...@debian.org>: > Control: tags -1 confirmed moreinfo > > Hi, > > On Fri, May 26, 2017 at 12:25:07AM +0200, Bálint Réczey wrote: >> I have prepared wireshark 2.2.6+g32dac6a-1 in experimental which fixes >> 10 vulnerabilities and other bugs which are not listed here, just on >> the release notes link. >> >> Changes: >> wireshark (2.2.6+g32dac6a-1) experimental; urgency=medium >> . >> * New upstream release >> - release notes: >> https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html >> - security fixes: >> - The IMAP dissector could crash (CVE-2017-7703) >> - The WBXML dissector could enter an infinite loop (CVE-2017-7702) >> - The NetScaler file parser could enter an infinite loop >> (CVE-2017-7700) >> - The RPCoRDMA dissector enter an infinite loop (CVE-2017-7705) >> - The BGP dissector could enter an infinite loop (CVE-2017-7701) >> - The DOF dissector could enter an infinite loop (CVE-2017-7704) >> - The PacketBB dissector could crash (CVE-2017-7747) >> - The SLSK dissector could enter a long loop (CVE-2017-7746) >> - The SIGCOMP dissector could enter an infinite loop >> (CVE-2017-7745) >> - The WSP dissector could enter an infinite loop (CVE-2017-7748) >> >> >> I believe wireshark point releases very rarely cause regressions due >> to the heavy testing performed upstream and I think it would be safe >> to upload this point release to unstable and let it migrate to >> testing. >> >> If you wouldn't like to accept the full point release to Stretch I >> will happily backport the security fixes to 2.2.5 and upload that to >> unstable. >> >> Please share your preference regarding the next upload. > > Please go ahead with the upload to unstable and remove the moreinfo tag from > this bug once the builds are done on all the relevant architectures. Thank you, done. > > Also, please note that we are very close to the release date. More info about > the deadlines in > https://lists.debian.org/debian-devel-announce/2017/05/msg00002.html Thanks, I sent the unblock request shortly before the deadline and was already prepare to update it and include only the targeted fixes. Cheers, Balint > > Cheers, > > Ivo >