Your message dated Tue, 14 Jun 2011 22:01:12 +0200
with message-id <[email protected]>
and subject line 1.6.0-1 fixes #630159
has caused the Debian Bug report #630159,
regarding wireshark: multiple security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
630159: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630159
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wireshark
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wireshark.
CVE-2011-2175[0]:
| Integer underflow in the visual_read function in wiretap/visual.c in
| Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote
| attackers to cause a denial of service (application crash) via a
| malformed Visual Networks file that triggers a heap-based buffer
| over-read.
CVE-2011-2174[1]:
| Double free vulnerability in the tvb_uncompress function in
| epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7
| allows remote attackers to cause a denial of service (application
| crash) via a packet with malformed data that uses zlib compression.
CVE-2011-1959[2]:
| The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before
| 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain
| virtualizable buffers, which allows remote attackers to cause a denial
| of service (application crash) via a large length value in a snoop
| file that triggers a stack-based buffer over-read.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2175
http://security-tracker.debian.org/tracker/CVE-2011-2175
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2174
http://security-tracker.debian.org/tracker/CVE-2011-2174
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959
http://security-tracker.debian.org/tracker/CVE-2011-1959
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
pgp9VAOyVbIfH.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
fixed 630159 1.6.0-1
thanks
--- End Message ---