Your message dated Tue, 06 Oct 2009 20:19:30 +0000
with message-id <[email protected]>
and subject line Bug#547704: fixed in wireshark 1.2.2-1
has caused the Debian Bug report #547704,
regarding CVE-2009-3242,CVE-2009-3241: wireshark DoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
547704: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547704
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wireshark
Version: 1.2.1-2
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wireshark.
CVE-2009-3242[0]:
| Unspecified vulnerability in packet.c in the GSM A RR dissector in
| Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of
| service (application crash) via unknown vectors related to "an
| uninitialized dissector handle," which triggers an assertion failure.
CVE-2009-3241[1]:
| Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark
| 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers
| to cause a denial of service (memory and CPU consumption) via
| malformed OPCUA Service CallRequest packets.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3242
http://security-tracker.debian.net/tracker/CVE-2009-3242
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241
http://security-tracker.debian.net/tracker/CVE-2009-3241
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkq3s9oACgkQNxpp46476ar3XACgimktu1HPD5B4aaWP9JGiU3FT
MT4An1NufYTYUSDhOOgV+lUw9zAeIYOU
=1idt
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 1.2.2-1
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:
tshark_1.2.2-1_amd64.deb
  to pool/main/w/wireshark/tshark_1.2.2-1_amd64.deb
wireshark-common_1.2.2-1_amd64.deb
  to pool/main/w/wireshark/wireshark-common_1.2.2-1_amd64.deb
wireshark-dev_1.2.2-1_amd64.deb
  to pool/main/w/wireshark/wireshark-dev_1.2.2-1_amd64.deb
wireshark_1.2.2-1.diff.gz
  to pool/main/w/wireshark/wireshark_1.2.2-1.diff.gz
wireshark_1.2.2-1.dsc
  to pool/main/w/wireshark/wireshark_1.2.2-1.dsc
wireshark_1.2.2-1_amd64.deb
  to pool/main/w/wireshark/wireshark_1.2.2-1_amd64.deb
wireshark_1.2.2.orig.tar.gz
  to pool/main/w/wireshark/wireshark_1.2.2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 28 Aug 2009 00:44:22 +0200
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev
Architecture: source amd64
Version: 1.2.2-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Description:
tshark - network traffic analyzer (console)
wireshark - network traffic analyzer
wireshark-common - network traffic analyser (common files)
wireshark-dev - network traffic analyser (development tools)
Closes: 542736 547704
Changes:
 wireshark (1.2.2-1) unstable; urgency=high
 .
   * New upstream release 1.2.2
     - release notes:
       http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
     - security fixes
       - The GSM A RR dissector could crash. (CVE-2009-3242)
       - The OpcUa dissector could use excessive CPU and memory.
         (CVE-2009-3241)
       - The TLS dissector could crash on some platforms.
     (Closes: #547704)
   * dropped sigpipe patch as it has been integrated upstream
   * debian/{control,rules}: add and enable hardened build for PIE
     Thanks to Kees Cook <[email protected]> for the patch. (Closes: #542736)
   * update standards-version to 3.8.3
   * applied dumpcap patch that was added to source package in 1.0.7-1
     but was not applied during build
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrLoaoACgkQ0/r2+3z8lN3iNgCghuZpxbzU1ZD+w+JvvF0ChC8m
k2gAoIJiAI/bHP6csmXzvxNetOnWPLuq
=TcPx
-----END PGP SIGNATURE-----
--- End Message ---