[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5721/wireshark

Wed, 09 Jan 2019 13:23:54 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb188b32 by Salvatore Bonaccorso at 2019-01-09T21:23:28Z
Add CVE-2019-5721/wireshark

Issue was adressed in 2.5.1 upstream with the upstream commit

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf

and cherry-picked for the 2.4.x branch.

2.6.1-1 was the first version in the archive via unstable containing the
change.

For stretch later on wireshark got rebased on rebuild from the unstable
version. The first one in the 2.6.x series on this strategy was
2.6.3-1~deb9u1.

Mark first version via stretch/stretch-security beeing 2.6.3-1~deb9u1 as
the fixed version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,7 +77,13 @@ CVE-2019-5723
 CVE-2019-5722
        RESERVED
 CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. 
This was ...)
-       TODO: check
+       - wireshark 2.6.1-1
+       [stretch] - wireshark 2.6.3-1~deb9u1
+       NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470
+       NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe
+       NOTE: https://www.wireshark.org/security/wnpa-sec-2019-05.html
+       NOTE: Fix for 2.4.x was a cherry pick of:
+       NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf
 (2.5.1)
 CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix 
configuration ...)
        TODO: check
 CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip 
data-viewport ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb188b3288ae63d19a72f9ce89ec63d59153a66e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb188b3288ae63d19a72f9ce89ec63d59153a66e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to