Your message dated Thu, 07 May 2026 09:47:07 +0000
with message-id <[email protected]>
and subject line Bug#1135323: fixed in wireshark 4.4.15-0+deb13u1
has caused the Debian Bug report #1135323,
regarding wireshark: CVE-2026-5299 CVE-2026-5401 CVE-2026-5402 CVE-2026-5406
CVE-2026-5407 CVE-2026-5408 CVE-2026-5409 CVE-2026-5653 CVE-2026-5654
CVE-2026-5655 CVE-2026-5657 CVE-2026-6519 CVE-2026-6520 CVE-2026-6521
CVE-2026-6522 CVE-2026-6523 CVE-2026-6524 CVE-2026-6526 CVE-2026-6527
CVE-2026-6528 CVE-2026-6529 CVE-2026-6530 CVE-2026-6531 CVE-2026-6532
CVE-2026-6533 CVE-2026-6534 CVE-2026-6535 CVE-2026-6536 CVE-2026-6537
CVE-2026-6538 CVE-2026-6867 CVE-2026-6868 CVE-2026-6869 CVE-2026-6870
CVE-2026-7375 CVE-2026-7376 CVE-2026-7378 CVE-2026-7379 CVE-2026-5403
CVE-2026-5404 CVE-2026-5405 CVE-2026-5656
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1135323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135323
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wireshark
Version: 4.6.4-1
Severity: grave
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for wireshark.
CVE-2026-5299[0]:
| ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-5401[1]:
| AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4
| and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-5402[2]:
| TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4
| allows denial of service and possible code execution
CVE-2026-5406[3]:
| FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-5407[4]:
| SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
| and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-5408[5]:
| BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-5409[6]:
| Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-5653[7]:
| DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-5654[8]:
| AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14
| allows denial of service
CVE-2026-5655[9]:
| SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows
| denial of service
CVE-2026-5657[10]:
| iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14
| allows denial of service
CVE-2026-6519[11]:
| MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
| and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6520[12]:
| OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to
| 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6521[13]:
| OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to
| 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6522[14]:
| RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to
| 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6523[15]:
| GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6524[16]:
| MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0
| to 4.4.14 allows denial of service
CVE-2026-6526[17]:
| RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4
CVE-2026-6527[18]:
| ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6528[19]:
| TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
| allows denial of service
CVE-2026-6529[20]:
| iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to
| 4.4.14 allows denial of service
CVE-2026-6530[21]:
| DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6531[22]:
| SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
| and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6532[23]:
| Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6533[24]:
| Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to
| 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6534[25]:
| USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
| and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6535[26]:
| Dissection engine zlib decompression crash in Wireshark 4.6.0 to
| 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6536[27]:
| DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to
| 4.6.4
CVE-2026-6537[28]:
| ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6538[29]:
| BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0
| to 4.4.14 allows denial of service
CVE-2026-6867[30]:
| SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0
| to 4.4.14 allows denial of service
CVE-2026-6868[31]:
| HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0
| to 4.4.14 allows denial of service
CVE-2026-6869[32]:
| WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6870[33]:
| GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-7375[34]:
| UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and
| 4.4.0 to 4.4.14 allows denial of service
CVE-2026-7376[35]:
| Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of
| service
CVE-2026-7378[36]:
| Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of
| service
CVE-2026-7379[37]:
| Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows
| denial of service
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-5299
https://www.cve.org/CVERecord?id=CVE-2026-5299
[1] https://security-tracker.debian.org/tracker/CVE-2026-5401
https://www.cve.org/CVERecord?id=CVE-2026-5401
[2] https://security-tracker.debian.org/tracker/CVE-2026-5402
https://www.cve.org/CVERecord?id=CVE-2026-5402
[3] https://security-tracker.debian.org/tracker/CVE-2026-5406
https://www.cve.org/CVERecord?id=CVE-2026-5406
[4] https://security-tracker.debian.org/tracker/CVE-2026-5407
https://www.cve.org/CVERecord?id=CVE-2026-5407
[5] https://security-tracker.debian.org/tracker/CVE-2026-5408
https://www.cve.org/CVERecord?id=CVE-2026-5408
[6] https://security-tracker.debian.org/tracker/CVE-2026-5409
https://www.cve.org/CVERecord?id=CVE-2026-5409
[7] https://security-tracker.debian.org/tracker/CVE-2026-5653
https://www.cve.org/CVERecord?id=CVE-2026-5653
[8] https://security-tracker.debian.org/tracker/CVE-2026-5654
https://www.cve.org/CVERecord?id=CVE-2026-5654
[9] https://security-tracker.debian.org/tracker/CVE-2026-5655
https://www.cve.org/CVERecord?id=CVE-2026-5655
[10] https://security-tracker.debian.org/tracker/CVE-2026-5657
https://www.cve.org/CVERecord?id=CVE-2026-5657
[11] https://security-tracker.debian.org/tracker/CVE-2026-6519
https://www.cve.org/CVERecord?id=CVE-2026-6519
[12] https://security-tracker.debian.org/tracker/CVE-2026-6520
https://www.cve.org/CVERecord?id=CVE-2026-6520
[13] https://security-tracker.debian.org/tracker/CVE-2026-6521
https://www.cve.org/CVERecord?id=CVE-2026-6521
[14] https://security-tracker.debian.org/tracker/CVE-2026-6522
https://www.cve.org/CVERecord?id=CVE-2026-6522
[15] https://security-tracker.debian.org/tracker/CVE-2026-6523
https://www.cve.org/CVERecord?id=CVE-2026-6523
[16] https://security-tracker.debian.org/tracker/CVE-2026-6524
https://www.cve.org/CVERecord?id=CVE-2026-6524
[17] https://security-tracker.debian.org/tracker/CVE-2026-6526
https://www.cve.org/CVERecord?id=CVE-2026-6526
[18] https://security-tracker.debian.org/tracker/CVE-2026-6527
https://www.cve.org/CVERecord?id=CVE-2026-6527
[19] https://security-tracker.debian.org/tracker/CVE-2026-6528
https://www.cve.org/CVERecord?id=CVE-2026-6528
[20] https://security-tracker.debian.org/tracker/CVE-2026-6529
https://www.cve.org/CVERecord?id=CVE-2026-6529
[21] https://security-tracker.debian.org/tracker/CVE-2026-6530
https://www.cve.org/CVERecord?id=CVE-2026-6530
[22] https://security-tracker.debian.org/tracker/CVE-2026-6531
https://www.cve.org/CVERecord?id=CVE-2026-6531
[23] https://security-tracker.debian.org/tracker/CVE-2026-6532
https://www.cve.org/CVERecord?id=CVE-2026-6532
[24] https://security-tracker.debian.org/tracker/CVE-2026-6533
https://www.cve.org/CVERecord?id=CVE-2026-6533
[25] https://security-tracker.debian.org/tracker/CVE-2026-6534
https://www.cve.org/CVERecord?id=CVE-2026-6534
[26] https://security-tracker.debian.org/tracker/CVE-2026-6535
https://www.cve.org/CVERecord?id=CVE-2026-6535
[27] https://security-tracker.debian.org/tracker/CVE-2026-6536
https://www.cve.org/CVERecord?id=CVE-2026-6536
[28] https://security-tracker.debian.org/tracker/CVE-2026-6537
https://www.cve.org/CVERecord?id=CVE-2026-6537
[29] https://security-tracker.debian.org/tracker/CVE-2026-6538
https://www.cve.org/CVERecord?id=CVE-2026-6538
[30] https://security-tracker.debian.org/tracker/CVE-2026-6867
https://www.cve.org/CVERecord?id=CVE-2026-6867
[31] https://security-tracker.debian.org/tracker/CVE-2026-6868
https://www.cve.org/CVERecord?id=CVE-2026-6868
[32] https://security-tracker.debian.org/tracker/CVE-2026-6869
https://www.cve.org/CVERecord?id=CVE-2026-6869
[33] https://security-tracker.debian.org/tracker/CVE-2026-6870
https://www.cve.org/CVERecord?id=CVE-2026-6870
[34] https://security-tracker.debian.org/tracker/CVE-2026-7375
https://www.cve.org/CVERecord?id=CVE-2026-7375
[35] https://security-tracker.debian.org/tracker/CVE-2026-7376
https://www.cve.org/CVERecord?id=CVE-2026-7376
[36] https://security-tracker.debian.org/tracker/CVE-2026-7378
https://www.cve.org/CVERecord?id=CVE-2026-7378
[37] https://security-tracker.debian.org/tracker/CVE-2026-7379
https://www.cve.org/CVERecord?id=CVE-2026-7379
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 4.4.15-0+deb13u1
Done: Matheus Polkorny <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matheus Polkorny <[email protected]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 01 May 2026 17:07:33 -0300
Source: wireshark
Architecture: source
Version: 4.4.15-0+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Balint Reczey <[email protected]>
Changed-By: Matheus Polkorny <[email protected]>
Closes: 1135323
Changes:
wireshark (4.4.15-0+deb13u1) trixie-security; urgency=medium
.
* Team upload.
* New upstream version 4.4.15 (Closes: #1135323)
- CVE-2026-7379: Memory leak in sharkd, allows DoS
- CVE-2026-7378: Crash in sharkd, allows DoS
- CVE-2026-7376: Crash in sharkd, allows DoS
- CVE-2026-7375: UDS Infinite loop, allows DoS
- CVE-2026-6870: GSM dissector crash leading to DoS
- CVE-2026-6869: WebSocket dissector crash leading to DoS
- CVE-2026-6868: HTTP dissector crash leading to DoS
- CVE-2026-6867: SMB2 dissector crash leading to DoS
- CVE-2026-6538: BEEP dissector crash leading to DoS
- CVE-2026-6537: ZigBee dissector crash leading to DoS
- CVE-2026-6535: zlib crash in Wireshark, allows DoS
- CVE-2026-6534: USB infinite loop, allows DoS
- CVE-2026-6533: LZ77 crash in Wireshark, allows DoS
- CVE-2026-6532: Kismet crash in Wireshark, allows DoS
- CVE-2026-6531: SANE Infinite loop, allows DoS
- CVE-2026-6530: DCP-ETSI crash in Wireshark, allows DoS
- CVE-2026-6529: iLBC crash in Wireshark, allows DoS
- CVE-2026-6527: ASN.1 crash in Wireshark, allows DoS
- CVE-2026-6524: MySQL crash in Wireshark, allows DoS
- CVE-2026-6523: GNW Infinite loop, allows DoS
- CVE-2026-6522: RPKI-Router Infinite loop, allows DoS
- CVE-2026-6521: OpenFlow v5 Infinite loop, allows DoS
- CVE-2026-6520: OpenFlow v6 Infinite loop, allows DoS
- CVE-2026-6519: MBIM Infinite loop, allows DoS
- CVE-2026-5657: iLBC crash in Wireshark, allows DoS
- CVE-2026-5656: Profile import path traversal DoS/RCE
- CVE-2026-5654: AMR-NB crash in Wireshark, allows DoS
- CVE-2026-5653: DCP-ETSI crash in Wireshark, allows DoS
- CVE-2026-5409: Monero crash in Wireshark, allows DoS
- CVE-2026-5408: BT-DHT crash in Wireshark, allows DoS
- CVE-2026-5407: SMB2 Infinite loop, allows DoS
- CVE-2026-5406: FC-SWILS crash in Wireshark, allows DoS
- CVE-2026-5405: RDP crash in Wireshark, allows DoS/RCE
- CVE-2026-5404: K12 RF5 parser crash DoS, allows DoS
- CVE-2026-5403: SBC crash in Wireshark, allows DoS/RCE
- CVE-2026-5401: AFP Spotlight crash in Wireshark, allows DoS
- CVE-2026-5299: ICMPv6 PvD crash in Wireshark, allows DoS
* d/gbp.conf: Update to trixie
* d/libwsutil16.symbols: Update symbols to reflect upstream
* d/libwireshark18.symbols: Update symbols to reflect upstream
* d/watch: Restrict to 4.4.x releases
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---