-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 01 Apr 2008 19:48:19 +0200 Source: wireshark Binary: wireshark-common wireshark tshark wireshark-dev ethereal-common ethereal-dev ethereal tethereal Architecture: source i386 Version: 1.0.0-1 Distribution: unstable Urgency: low Maintainer: Frederic Peters <[EMAIL PROTECTED]> Changed-By: Joost Yervante Damad <[EMAIL PROTECTED]> Description: ethereal - dummy upgrade package for ethereal -> wireshark ethereal-common - dummy upgrade package for ethereal -> wireshark ethereal-dev - dummy upgrade package for ethereal -> wireshark tethereal - dummy upgrade package for ethereal -> wireshark tshark - network traffic analyzer (console) wireshark - network traffic analyzer wireshark-common - network traffic analyser (common files) wireshark-dev - network traffic analyser (development tools) Closes: 117201 172939 369044 452381 468400 472478 Changes: wireshark (1.0.0-1) unstable; urgency=low . * Several security issues were solved in 0.99.7 already: (closes: #452381) * allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector (CVE-2007-6111) * Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. (CVE-2007-6112) * Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP packet (CVE-2007-6113) * Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser (CVE-2007-6114) * Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. (CVE-2007-6115) * The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. (CVE-2007-6116) * Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote attack vectors related to chunked messages. (CVE-2007-6117) * The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. (CVE-2007-6118) * The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. (CVE-2007-6119) * The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. (CVE-2007-6120) * Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. (CVE-2007-6121) * current wireshark has SSL support (closes: #172939) * and H323 support (closes: #117201) * resizing columns bugfix was applied last year (closes: #369044) * new upstream release 1.0.0 http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html * remove debian/ directory from upstream * update 14_disable-cmip.dpatch. * if wireshark has no priv, it now prints: dumpcap: There are no interfaces on which a capture can be done (closes: #468400) * wireshark uses su-to-root now (closes: #472478) * vulnerabilities fixed: * The X.509sat and other dissector could crash (CVE-2008-1561) * The LDAP dissector could crash on Windows and other platforms. (CVE-2008-1562) * The SCCP dissector could crash while using the "decode as" feature (CVE-2008-1563) Files: 16caefa076423ce9ac9f3a9d3ec5ef68 1123 net optional wireshark_1.0.0-1.dsc f3f3d2211fe8b1f4358cd9250d99abe8 17031038 net optional wireshark_1.0.0.orig.tar.gz 8541c018e28eedacb9789cd4381541bb 47800 net optional wireshark_1.0.0-1.diff.gz b90e3a36e4460d8a7128f144ba9b9ae2 9972348 net optional wireshark-common_1.0.0-1_i386.deb de434d2b2a44400743561c141cc1fe63 614052 net optional wireshark_1.0.0-1_i386.deb 77d564ffad0515a12f92835af8388830 110394 net optional tshark_1.0.0-1_i386.deb 5751721c30d3fa09abf6e7b5fd236e28 569014 devel optional wireshark-dev_1.0.0-1_i386.deb c2573b5a6b395761a0cdb5af5080aa8b 24068 net optional ethereal-common_1.0.0-1_i386.deb 6ad67a615453375565c4effa1a1858c2 23682 devel optional ethereal-dev_1.0.0-1_i386.deb 6d7a3d0dde1c88645e660688a5fc89ff 23668 net optional ethereal_1.0.0-1_i386.deb ea8a57cdb74cb573f60bea75cc6e3db0 23674 net optional tethereal_1.0.0-1_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH8pYL0/r2+3z8lN0RAsiaAJwP9fjQA6nBuYKpiqw8/S78n3c+GgCgtEB8 SaGV1uv74uBUuWtMftLXTkw= =54vT -----END PGP SIGNATURE----- Accepted: ethereal-common_1.0.0-1_i386.deb to pool/main/w/wireshark/ethereal-common_1.0.0-1_i386.deb ethereal-dev_1.0.0-1_i386.deb to pool/main/w/wireshark/ethereal-dev_1.0.0-1_i386.deb ethereal_1.0.0-1_i386.deb to pool/main/w/wireshark/ethereal_1.0.0-1_i386.deb tethereal_1.0.0-1_i386.deb to pool/main/w/wireshark/tethereal_1.0.0-1_i386.deb tshark_1.0.0-1_i386.deb to pool/main/w/wireshark/tshark_1.0.0-1_i386.deb wireshark-common_1.0.0-1_i386.deb to pool/main/w/wireshark/wireshark-common_1.0.0-1_i386.deb wireshark-dev_1.0.0-1_i386.deb to pool/main/w/wireshark/wireshark-dev_1.0.0-1_i386.deb wireshark_1.0.0-1.diff.gz to pool/main/w/wireshark/wireshark_1.0.0-1.diff.gz wireshark_1.0.0-1.dsc to pool/main/w/wireshark/wireshark_1.0.0-1.dsc wireshark_1.0.0-1_i386.deb to pool/main/w/wireshark/wireshark_1.0.0-1_i386.deb wireshark_1.0.0.orig.tar.gz to pool/main/w/wireshark/wireshark_1.0.0.orig.tar.gz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]