Hi Bálint,

On Tue, Apr 04, 2023 at 06:22:09PM +0200, Bálint Réczey wrote:
> Control: tags -1 pending fixed-upstream
>
> Hi Salvatore,
>
> Salvatore Bonaccorso <car...@debian.org> wrote (on Fri, Mar 31, 2023, 21:01):
> >
> > Source: wireshark
> > Version: 4.0.3-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/18839
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerability was published for wireshark.
> >
> > CVE-2023-1161[0]:
> > | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3
> > | and 3.6.0 to 3.6.11 allows denial of service via packet injection or
> > | crafted capture file
> >
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> I have committed the fix to the packaging repository with the new
> upstream release.
> I plan to upload it when the freeze is over, unless the Security Team
> finds the issue severe enough to warrant an earlier upload.

Agreed!

Regards,
Salvatore