Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: fb188b32 by Salvatore Bonaccorso at 2019-01-09T21:23:28Z Add CVE-2019-5721/wireshark Issue was adressed in 2.5.1 upstream with the upstream commit https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf and cherry-picked for the 2.4.x branch. 2.6.1-1 was the first version in the archive via unstable containing the change. For stretch later on wireshark got rebased on rebuild from the unstable version. The first one in the 2.6.x series on this strategy was 2.6.3-1~deb9u1. Mark first version via stretch/stretch-security beeing 2.6.3-1~deb9u1 as the fixed version. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -77,7 +77,13 @@ CVE-2019-5723 CVE-2019-5722 RESERVED CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was ...) - TODO: check + - wireshark 2.6.1-1 + [stretch] - wireshark 2.6.3-1~deb9u1 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe + NOTE: https://www.wireshark.org/security/wnpa-sec-2019-05.html + NOTE: Fix for 2.4.x was a cherry pick of: + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf (2.5.1) CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configuration ...) TODO: check CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb188b3288ae63d19a72f9ce89ec63d59153a66e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb188b3288ae63d19a72f9ce89ec63d59153a66e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits