Your message dated Thu, 20 Jun 2013 22:17:44 +0000
with message-id <[email protected]>
and subject line Bug#711918: fixed in wireshark 1.8.2-5wheezy4
has caused the Debian Bug report #711918,
regarding wireshark: Multiple vulnerabilities in wireshark dissectors
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
711918: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711918
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wireshark
Severity: serious
Hi,
multiple vulnerabilities were found in various wireshark detectors:
CVE-2013-4074 wireshark: DoS (crash) in the CAPWAP dissector
CVE-2013-4075 wireshark: DoS (crash) in the GMR-1 BCCH dissector
CVE-2013-4076 wireshark: Invalid free in the PPP dissector
CVE-2013-4077 wireshark: Array index error in the NBAP dissector
CVE-2013-4078 wireshark: DoS (infinite loop) in the RDP dissector
CVE-2013-4079 wireshark: DoS (infinite loop, application hang) in the GSM CBCH
dissector
CVE-2013-4080 wireshark: DoS (infinite loop, CPU & memory consumption) in the
Assa Abloy R3 dissector
CVE-2013-4081 wireshark: DoS (infinite loop) in the HTTP dissector
CVE-2013-4082 wireshark: Heap-based buffer overflow in the Ixia
IxVeriWave file parser
More information can be found on the 1.8.8 and 1.6.16 release notes.
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.9-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 1.8.2-5wheezy4
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 13 Jun 2013 12:12:21 -0600
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg
wireshark-doc libwireshark2 libwsutil2 libwsutil-dev libwireshark-data
libwireshark-dev libwiretap2 libwiretap-dev
Architecture: source all amd64
Version: 1.8.2-5wheezy4
Distribution: wheezy-security
Urgency: high
Maintainer: Balint Reczey <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Description:
libwireshark-data - network packet dissection library -- data files
libwireshark-dev - network packet dissection library -- development files
libwireshark2 - network packet dissection library -- shared library
libwiretap-dev - network packet capture library -- development files
libwiretap2 - network packet capture library -- shared library
libwsutil-dev - network packet dissection utilities library -- shared library
libwsutil2 - network packet dissection utilities library -- shared library
tshark - network traffic analyzer - console version
wireshark - network traffic analyzer - GTK+ version
wireshark-common - network traffic analyzer - common files
wireshark-dbg - network traffic analyzer - debug symbols
wireshark-dev - network traffic analyzer - development tools
wireshark-doc - network traffic analyzer - documentation
Closes: 711918
Changes:
wireshark (1.8.2-5wheezy4) wheezy-security; urgency=high
.
* security fixes from Wireshark 1.8.8 (Closes: #711918):
- The CAPWAP dissector could crash. Discovered by Laurent Butti.
(CVE-2013-4074)
- The GMR-1 BCCH dissector could crash.
Discovered by Sylvain Munaut and Laurent Butti. (CVE-2013-4075)
- The PPP dissector could crash. Discovered by Laurent Butti.
(CVE-2013-4076)
- The NBAP dissector could crash. (CVE-2013-4077)
- The RDP dissector could crash. Discovered by Laurent Butti.
(CVE-2013-4078)
- The HTTP dissector could overrun the stack. (CVE-2013-4081)
- The Ixia IxVeriWave file parser could overflow the heap.
Discovered by Sachin Shinde. (CVE-2013-4082)
- The DCP ETSI dissector could crash. (CVE-2013-4083)
Checksums-Sha1:
8857184f2626323022c0564d73764839f53ad5c7 2967 wireshark_1.8.2-5wheezy4.dsc
7fad19dbbbf5c1357f50d6ca9318c121f41eeb53 102012
wireshark_1.8.2-5wheezy4.debian.tar.gz
b5df28a241c800361e9fe6ae86b7337757bd9fc2 3849874
wireshark-doc_1.8.2-5wheezy4_all.deb
00391bfc85c855daae06fe035392d200651dfee9 1223138
libwireshark-data_1.8.2-5wheezy4_all.deb
f05a9f2265ad10486933251232c0cdf3d54525ac 227902
wireshark-common_1.8.2-5wheezy4_amd64.deb
8c92a2af7b927f21147a449f615943fcbd028a72 981174
wireshark_1.8.2-5wheezy4_amd64.deb
003d3afa649d95e6305530f408a43eeb8e6870af 177810 tshark_1.8.2-5wheezy4_amd64.deb
d0c462406b25e831e95abfc99335f45e5de851ea 176400
wireshark-dev_1.8.2-5wheezy4_amd64.deb
7dc3827743b8cc364ea09c5ff5eb7f0f98c8c0a6 28290420
wireshark-dbg_1.8.2-5wheezy4_amd64.deb
f66b588f1fd6964cf881b31caf706377c38a429f 13437848
libwireshark2_1.8.2-5wheezy4_amd64.deb
4b050ff4a31ddd916c994805974bbe74365d2e59 50296
libwsutil2_1.8.2-5wheezy4_amd64.deb
61f1e2101d2f1cc2fe220440b73c2a806977c495 49474
libwsutil-dev_1.8.2-5wheezy4_amd64.deb
9f225746601dc826ef352b6bc7136473dc6152ea 885732
libwireshark-dev_1.8.2-5wheezy4_amd64.deb
13017c049998e3a95923c4ae758512c953b5f315 190606
libwiretap2_1.8.2-5wheezy4_amd64.deb
dc0879e88e2c704a43b79519a78e7161ee620f55 70064
libwiretap-dev_1.8.2-5wheezy4_amd64.deb
Checksums-Sha256:
38e0ab0427622ea77e53ed03417f29f4d0230871880d6cdbe9401963ccd6c1f9 2967
wireshark_1.8.2-5wheezy4.dsc
b5f853f6449a40be96b861a516f88250845ea72ca38cbf8a48079a6d9757d0b7 102012
wireshark_1.8.2-5wheezy4.debian.tar.gz
d860de7c074d16464f08c847409c82dcead883932a9331cd4759a0f4bab96dd7 3849874
wireshark-doc_1.8.2-5wheezy4_all.deb
cbb72399fab73d2a00f26d99d1ac70ad1d1ed3cc81eb1064f79b9f2f4041cd8f 1223138
libwireshark-data_1.8.2-5wheezy4_all.deb
49e08dcff5284d8d22d12ae4bcc60e6313170419f2f8bf051a4c07555d9f0fe0 227902
wireshark-common_1.8.2-5wheezy4_amd64.deb
2053716192104422f2f405be2e6b087a842ab72514698296c35011c55b78779c 981174
wireshark_1.8.2-5wheezy4_amd64.deb
ab3d2414f3d639b393c8ba508d752bd371954f399b489cbd76260950a4d037c8 177810
tshark_1.8.2-5wheezy4_amd64.deb
2bce7b92d1d3b44ec0136de0211977061cc74c3e5f886673a4a0acfc8a21bee0 176400
wireshark-dev_1.8.2-5wheezy4_amd64.deb
125094e479ecb9f2034cb8cfefa9ae86ab06ea81395dcfdaa8c09d549b413ee3 28290420
wireshark-dbg_1.8.2-5wheezy4_amd64.deb
d0f6a3ae6fa890e026984828253d959eba58935834949cb267e1eb51f16e1f79 13437848
libwireshark2_1.8.2-5wheezy4_amd64.deb
c67f1e0c328e4b13e5044e4490295c7ff3c254d8c74a02977bbc6700d25c2302 50296
libwsutil2_1.8.2-5wheezy4_amd64.deb
e057c5447f8c40d68000730bf118625334965ef7ab3d5b2449f34ffdb910ec5f 49474
libwsutil-dev_1.8.2-5wheezy4_amd64.deb
beb9d8e0fd474be27e4c6da0c2bee61669e83b264fa53834f37c4f495efb300c 885732
libwireshark-dev_1.8.2-5wheezy4_amd64.deb
83bba45e062f03ec5da076a2c3b70fe0a18f395bb9bb84839eacc4f838bab61c 190606
libwiretap2_1.8.2-5wheezy4_amd64.deb
432c91d2b1742e15194088fb5c35978b4f2b6751cbda9bec717baa826d5e58bf 70064
libwiretap-dev_1.8.2-5wheezy4_amd64.deb
Files:
38d5d86b15b40ed94429bd19b91d24af 2967 net optional wireshark_1.8.2-5wheezy4.dsc
ee8b5024929195b18b7265a9f08a5ac8 102012 net optional
wireshark_1.8.2-5wheezy4.debian.tar.gz
71289f01d3a77e15284c7c5f0fc96f16 3849874 doc extra
wireshark-doc_1.8.2-5wheezy4_all.deb
276017e26bd761bb027f601745607980 1223138 libs optional
libwireshark-data_1.8.2-5wheezy4_all.deb
48d26005996e3656c6c291e0a3440d32 227902 net optional
wireshark-common_1.8.2-5wheezy4_amd64.deb
db616147e6777a60e18c016407a758ca 981174 net optional
wireshark_1.8.2-5wheezy4_amd64.deb
6b5a368b09daa725f38c9222dbb0e633 177810 net optional
tshark_1.8.2-5wheezy4_amd64.deb
4cef1e4e07623495b9d1e4e21a9519a7 176400 devel optional
wireshark-dev_1.8.2-5wheezy4_amd64.deb
33b688dc24f724e4db42241a3493cdd6 28290420 debug extra
wireshark-dbg_1.8.2-5wheezy4_amd64.deb
382229390f7ff50766873a987124a750 13437848 libs optional
libwireshark2_1.8.2-5wheezy4_amd64.deb
96a3ea243e518f88c27916d34bbe0f96 50296 libs optional
libwsutil2_1.8.2-5wheezy4_amd64.deb
b36ffe8a4d0ce1bb8c2e61645f566580 49474 libdevel optional
libwsutil-dev_1.8.2-5wheezy4_amd64.deb
8f4b9df10b302eea9130988b2215ab6b 885732 libdevel optional
libwireshark-dev_1.8.2-5wheezy4_amd64.deb
0fc2a271a106229e2e501a741458b395 190606 libs optional
libwiretap2_1.8.2-5wheezy4_amd64.deb
87e06a1cc406592102e20cc861e2c06d 70064 libdevel optional
libwiretap-dev_1.8.2-5wheezy4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRvlLUAAoJEPZk0la0aRp9KIQQAKjbdP2J6VSv3PB6BHKELQ+J
RhsnHPzLKJHC6iRlAMMew0jxtoHXY9MEWXUD827QPj91dgHwAZSr+FgNSkMklKBH
2bysu89eMEEw0AW22yIY7NThtSnSZxQSFy1uNs7TDJcstqomker1vExf73iJdXi5
USS26uIOMmgny93cczOoWq5WCd4aP72GSB8OHIvAzKBo0ThYYy0R6Q/Es8OkIWaq
KHUJwDsmQXyIXhTdePI/g3s1GF3JyBQn0uZzlYqOReWPLlCTFrGvKnxQlq/fGwdF
JIbQfnrlpdszCCKQYiZiImyzTQSBmIOzJzijBFW/pH21mKZLzHKd//uRyfxtyScK
dk/n5v9WeA1urP4xo1DOwJ3de6wXxxa9pYMJQNXZK/Ipf9a7dMPBAtwJpsbfT5ur
7IzMTyBYcj13nQKVF87U1vy13cAencDVl7xU1VO3zvZMCTiSZzLGSUDuiM/2OgZU
G5pcQLC3mQW4PF5CNbFu6pXLfLWsS/VS6yaUPf3HNTjQWsKJP/Hs1UTKbpW9LM2m
95ZDPiv74APjXW/o22lN77rkxbwTgcsvX5ez3VWjKhDPOv4/eQJZWzP9Sp7E5M25
lPe+Xip6EeBFOX5UNyDl1w2pnmMK+MKBdIJWE1a6Qzz70y2teviUXHl/MpA/gZcH
Nu7gKILbZth9HruB95vW
=peMv
-----END PGP SIGNATURE-----
--- End Message ---
