Hi security team,

I would like to coordinate the security updates for wireshark in trixie and bookworm. Would you be ok if I upload the proposed patches?

Thanks
Jochen

* Bálint Réczey <[email protected]> [2026-01-29 16:08]:
Hi Jochen,

On 2026. Jan 29., Thu at 15:33, Jochen Sprickerhof <[email protected]> wrote:

Hi Balint,

as part of my work on E/LTS for Freexian I have prepared and tested security updates for trixie and bookworm (attached). Do you want to handle them or should I coordinate with the security team?

Thanks, please coordinate with the security team and then go ahead with the upload.

Cheers,
Balint

Cheers
Jochen

* Debian Bug Tracking System <[email protected]> [2026-01-16 16:15]:
>This is an automatic notification regarding your Bug report
>which was filed against the src:wireshark package:
>
>#1125690: wireshark: CVE-2026-0959 CVE-2026-0960 CVE-2026-0961 CVE-2026-0962
>
>It has been closed by Debian FTP Masters <[email protected]> (reply to Balint Reczey <[email protected]>).
>
>Their explanation is attached below along with your original report.
>If this explanation is unsatisfactory and you have not received a
>better one in a separate message then please contact Debian FTP Masters <[email protected]> (reply to Balint Reczey <[email protected]>) by
>replying to this email.
>
>
>--
>1125690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125690
>Debian Bug Tracking System
>Contact [email protected] with problems
>Date: Fri, 16 Jan 2026 16:12:37 +0000
>To: [email protected]
>Reply-To: Balint Reczey <[email protected]>
>From: Debian FTP Masters <[email protected]>
>Subject: Bug#1125690: fixed in wireshark 4.6.3-1
>
>Date: Fri, 16 Jan 2026 08:10:38 +0100
>To: Debian Bug Tracking System <[email protected]>
>X-Mailer: reportbug 13.2.0
>From: Salvatore Bonaccorso <[email protected]>
>Subject: wireshark: CVE-2026-0959 CVE-2026-0960 CVE-2026-0961 CVE-2026-0962
>
>Source: wireshark
>Version: 4.6.2-1
>Severity: important
>Tags: security upstream
>X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
>
>Hi,
>
>The following vulnerabilities were published for wireshark.
>
>CVE-2026-0959[0]:
>| IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
>| 4.4.0 to 4.4.12 allows denial of service
>
>
>CVE-2026-0960[1]:
>| HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2
>| allows denial of service
>
>
>CVE-2026-0961[2]:
>| BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to
>| 4.4.12 allows denial of service
>
>
>CVE-2026-0962[3]:
>| SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
>| 4.4.0 to 4.4.12 allows denial of service
>
>
>If you fix the vulnerabilities please also make sure to include the
>CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
>For further information see:
>
>[0] https://security-tracker.debian.org/tracker/CVE-2026-0959
>    https://www.cve.org/CVERecord?id=CVE-2026-0959
>[1] https://security-tracker.debian.org/tracker/CVE-2026-0960
>    https://www.cve.org/CVERecord?id=CVE-2026-0960
>[2] https://security-tracker.debian.org/tracker/CVE-2026-0961
>    https://www.cve.org/CVERecord?id=CVE-2026-0961
>[3] https://security-tracker.debian.org/tracker/CVE-2026-0962
>    https://www.cve.org/CVERecord?id=CVE-2026-0962
>
>Regards,
>Salvatore

