Hi Jochen,

On 2026. Jan 29., Thu at 15:33, Jochen Sprickerhof <[email protected]> wrote:

> Hi Balint,
>
> as part of my work on E/LTS for Freexian I have prepared and tested
> security updates for trixie and bookworm (attached). Do you want to
> handle them or should I coordinate with the security team?

Thanks, please coordinate with the security team and then go ahead with the upload.

Cheers,
Balint

>
> Cheers Jochen
>
> * Debian Bug Tracking System <[email protected]> [2026-01-16 16:15]:
> >This is an automatic notification regarding your Bug report
> >which was filed against the src:wireshark package:
> >
> >#1125690: wireshark: CVE-2026-0959 CVE-2026-0960 CVE-2026-0961 CVE-2026-0962
> >
> >It has been closed by Debian FTP Masters <[email protected]> (reply to Balint Reczey <[email protected]>).
> >
> >Their explanation is attached below along with your original report.
> >If this explanation is unsatisfactory and you have not received a
> >better one in a separate message then please contact Debian FTP Masters <[email protected]> (reply to Balint Reczey <[email protected]>) by
> >replying to this email.
> >
> >
> >--
> >1125690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125690
> >Debian Bug Tracking System
> >Contact [email protected] with problems
>
> >Date: Fri, 16 Jan 2026 16:12:37 +0000
> >To: [email protected]
> >Reply-To: Balint Reczey <[email protected]>
> >From: Debian FTP Masters <[email protected]>
> >Subject: Bug#1125690: fixed in wireshark 4.6.3-1
> >
> >
>
> >Date: Fri, 16 Jan 2026 08:10:38 +0100
> >To: Debian Bug Tracking System <[email protected]>
> >X-Mailer: reportbug 13.2.0
> >From: Salvatore Bonaccorso <[email protected]>
> >Subject: wireshark: CVE-2026-0959 CVE-2026-0960 CVE-2026-0961 CVE-2026-0962
> >
> >Source: wireshark
> >Version: 4.6.2-1
> >Severity: important
> >Tags: security upstream
> >X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
> >
> >Hi,
> >
> >The following vulnerabilities were published for wireshark.
> >
> >CVE-2026-0959[0]:
> >| IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
> >| 4.4.0 to 4.4.12 allows denial of service
> >
> >
> >CVE-2026-0960[1]:
> >| HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2
> >| allows denial of service
> >
> >
> >CVE-2026-0961[2]:
> >| BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to
> >| 4.4.12 allows denial of service
> >
> >
> >CVE-2026-0962[3]:
> >| SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
> >| 4.4.0 to 4.4.12 allows denial of service
> >
> >
> >If you fix the vulnerabilities please also make sure to include the
> >CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> >
> >For further information see:
> >
> >[0] https://security-tracker.debian.org/tracker/CVE-2026-0959
> >    https://www.cve.org/CVERecord?id=CVE-2026-0959
> >[1] https://security-tracker.debian.org/tracker/CVE-2026-0960
> >    https://www.cve.org/CVERecord?id=CVE-2026-0960
> >[2] https://security-tracker.debian.org/tracker/CVE-2026-0961
> >    https://www.cve.org/CVERecord?id=CVE-2026-0961
> >[3] https://security-tracker.debian.org/tracker/CVE-2026-0962
> >    https://www.cve.org/CVERecord?id=CVE-2026-0962
> >
> >Regards,
> >Salvatore
> >

