Bug#929630: unblock: wireshark/2.6.8-1.1

Mon, 27 May 2019 07:34:03 -0700 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package wireshark. The NMU fixes CVE-2019-12295, reported
as Debian bug #929446.

unblock wireshark/2.6.8-1.1

Regards,
Tobias

diff --git a/debian/changelog b/debian/changelog
index 4699904b15..dbdda67912 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+wireshark (2.6.8-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-12295
+    In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14,
+    the dissection engine could crash. This was addressed in
+    epan/packet.c by restricting the number of layers and
+    consequently limiting recursion. (Closes: #929446)
+
+ -- Dr. Tobias Quathamer <to...@debian.org>  Mon, 27 May 2019 16:08:44 +0200
+
 wireshark (2.6.8-1) unstable; urgency=medium
 
   * New upstream version 2.6.8
diff --git a/debian/patches/CVE-2019-12295.patch b/debian/patches/CVE-2019-12295.patch
new file mode 100644
index 0000000000..494c09ee44
--- /dev/null
+++ b/debian/patches/CVE-2019-12295.patch
@@ -0,0 +1,42 @@
+Description: CVE-2019-12295
+ In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14,
+ the dissection engine could crash. This was addressed in
+ epan/packet.c by restricting the number of layers and
+ consequently limiting recursion.
+Origin: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
+Bug-Debian: https://bugs.debian.org/929446
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/epan/packet.c
++++ b/epan/packet.c
+@@ -725,6 +725,13 @@
+ call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb,
+ 			  packet_info *pinfo_arg, proto_tree *tree, void *);
+ 
++/*
++ * XXX packet_info.curr_layer_num is a guint8 and *_MAX_RECURSION_DEPTH is
++ * 100 elsewhere in the code. We should arguably use the same value here,
++ * but using that makes suite_wslua.case_wslua.test_wslua_dissector_fpm fail.
++ */
++#define PINFO_LAYER_MAX_RECURSION_DEPTH 500
++
+ static int
+ call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo_arg,
+ 		    proto_tree *tree, gboolean add_proto_name, void *data)
+@@ -747,6 +754,7 @@
+ 	saved_proto = pinfo->current_proto;
+ 	saved_can_desegment = pinfo->can_desegment;
+ 	saved_layers_len = wmem_list_count(pinfo->layers);
++	DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
+ 
+ 	/*
+ 	 * can_desegment is set to 2 by anyone which offers the
+@@ -2675,6 +2683,8 @@
+ 	saved_layers_len = wmem_list_count(pinfo->layers);
+ 	*heur_dtbl_entry = NULL;
+ 
++	DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
++
+ 	for (entry = sub_dissectors->dissectors; entry != NULL;
+ 	    entry = g_slist_next(entry)) {
+ 		/* XXX - why set this now and above? */
diff --git a/debian/patches/series b/debian/patches/series
index c3ea6754c4..1e3c412166 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
 09_idl2wrs.patch
 16_licence_about_location.patch
 17_libdir_location.patch
+CVE-2019-12295.patch

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to