Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8fb52cb2 by Salvatore Bonaccorso at 2023-06-14T13:36:05+02:00
Track fixed version for wireshark issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1992,7 +1992,7 @@ CVE-2023-2817 (A post-authentication stored cross-site
scripting vulnerability e
NOT-FOR-US: Craft CMS
CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to
3.6.13 ...)
[experimental] - wireshark 4.0.6-1~exp1
- - wireshark <unfixed>
+ - wireshark 4.0.6-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <not-affected> (vulnerable code introduced later)
[buster] - wireshark <not-affected> (vulnerable code introduced in 4.0)
@@ -2002,7 +2002,7 @@ CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0
to 4.0.5 and 3.6.0 to 3.
CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5
and 3.6.0 ...)
{DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- - wireshark <unfixed>
+ - wireshark 4.0.6-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
@@ -2010,7 +2010,7 @@ CVE-2023-2856 (VMS TCPIPtrace file parser crash in
Wireshark 4.0.0 to 4.0.5 and
CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and
3.6.0 to 3 ...)
{DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- - wireshark <unfixed>
+ - wireshark 4.0.6-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
@@ -2025,7 +2025,7 @@ CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to
4.0.5 and 3.6.0 to 3.6.
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19068
CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to
3.6.13 ...)
[experimental] - wireshark 4.0.6-1~exp1
- - wireshark <unfixed>
+ - wireshark 4.0.6-1
[bullseye] - wireshark <not-affected> (Vulnerable code introduced later)
[buster] - wireshark <not-affected> (BLF support added in 3.6)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-13.html
@@ -2033,7 +2033,7 @@ CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0
to 4.0.5 and 3.6.0 to 3.
NOTE: Introduced after:
https://gitlab.com/wireshark/wireshark/-/commit/796819c955b9dd508d73bb640d56c2625f866862
(v3.5.0)
CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0
to 3.6. ...)
[experimental] - wireshark 4.0.6-1~exp1
- - wireshark <unfixed>
+ - wireshark 4.0.6-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <not-affected> (Candump support added in 3.2)
@@ -6539,21 +6539,21 @@ CVE-2023-1995
CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to
3.6.12 ...)
{DLA-3402-1}
[experimental] - wireshark 4.0.5-1~exp1
- - wireshark <unfixed> (bug #1034721)
+ - wireshark 4.0.6-1 (bug #1034721)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html
CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0
to 3.6 ...)
{DLA-3402-1}
[experimental] - wireshark 4.0.5-1~exp1
- - wireshark <unfixed> (bug #1034721)
+ - wireshark 4.0.6-1 (bug #1034721)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html
CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0
to 3.6. ...)
{DLA-3402-1}
[experimental] - wireshark 4.0.5-1~exp1
- - wireshark <unfixed> (bug #1034721)
+ - wireshark 4.0.6-1 (bug #1034721)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18852
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-09.html
@@ -15641,7 +15641,7 @@ CVE-2023-1162 (A vulnerability, which was classified as
critical, was found in D
CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to
4.0.3 an ...)
{DLA-3402-1}
[experimental] - wireshark 4.0.5-1~exp1
- - wireshark <unfixed> (bug #1033756)
+ - wireshark 4.0.6-1 (bug #1033756)
[bullseye] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-08.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18839
@@ -22327,7 +22327,7 @@ CVE-2023-0669 (Fortra (formerly, HelpSystems)
GoAnywhere MFT suffers from a pre-
NOT-FOR-US: Fortra GoAnywhere MFT
CVE-2023-0668 (Due to failure in validating the length provided by an
attacker-crafte ...)
[experimental] - wireshark 4.0.6-1~exp1
- - wireshark <unfixed>
+ - wireshark 4.0.6-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <not-affected> (vulnerable code introduced in 3.2)
@@ -22338,7 +22338,7 @@ CVE-2023-0667 (Due to failure in validating the length
provided by an attacker-c
TODO: check
CVE-2023-0666 (Due to failure in validating the length provided by an
attacker-crafte ...)
[experimental] - wireshark 4.0.6-1~exp1
- - wireshark <unfixed>
+ - wireshark 4.0.6-1
[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <not-affected> (vulnerable code introduced in 3.4)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb52cb2e5cc11f0d9739ba4e6c7485951e03adb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb52cb2e5cc11f0d9739ba4e6c7485951e03adb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
