Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker
/ security-tracker
Commits:
6deb73c1 by Carlos Henrique Lima Melara at 2026-02-28T19:23:13-03:00
CVE-2026-3201,3202,3203/wireshark: triage for bullseye and add NOTEs
Generally follow secteam triage, but mark CVE-2026-3201 as not-affected
for bullseye. For a brief period of time, wireshark had the
vulnerability fix (an upper size limit hardcoded), but it was removed
later on. Luckily bullseye has the commit with the fix. Other suites do
not.
Also add references for the fixes in the master branch and lts ones.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -948,8 +948,12 @@ CVE-2026-3203 (RF4CE Profile protocol dissector crash in
Wireshark 4.6.0 to 4.6.
- wireshark 4.6.4-1
[trixie] - wireshark <no-dsa> (Minor issue)
[bookworm] - wireshark <no-dsa> (Minor issue)
+ [bullseye] - wireshark <postponed> (Minor issue, no PoC or any known
exploit so far)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-07.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21009
+ NOTE: Fixed by:
https://gitlab.com/wireshark/wireshark/-/commit/17215397c1a5fbb2ef8764b3ec29ec45cde9c153
(master)
+ NOTE: Fixed by:
https://gitlab.com/wireshark/wireshark/-/commit/0c4c5a531f5f8c7b8c7fcffe2178e2b3d00c6d43
(v4.6.4)
+ NOTE: Fixed by:
https://gitlab.com/wireshark/wireshark/-/commit/d487e0e07b15d80cf1521d3eed30f4114a38bf39
(v4.4.14)
CVE-2026-3202 (NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3
allows den ...)
- wireshark 4.6.4-1
[trixie] - wireshark <not-affected> (Vulnerable code not present)
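Review bot: the added `[bullseye] - wireshark <postponed>` line for CVE-2026-3203 does not record whether the vulnerable RF4CE Profile dissector code was confirmed present in the bullseye source. The description names only 4.6.x, and the Fixed-by NOTEs cover master, v4.6.4 and v4.4.14. Consider adding a NOTE that states the bullseye version was checked and is affected, so the postponed state can be told apart from an unverified one when the entry is revisited.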
@@ -957,12 +961,18 @@ CVE-2026-3202 (NTS-KE protocol dissector crash in
Wireshark 4.6.0 to 4.6.3 allow
[bullseye] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-06.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21000
+ NOTE: Fixed by:
https://gitlab.com/wireshark/wireshark/-/commit/5fdfc5780454f9d41e7f462578126e1149f0a04d
(master)
+ NOTE: Fixed by:
https://gitlab.com/wireshark/wireshark/-/commit/73d4e7eaff4b3b4323cf7e273c691ad4e19e9a40
(v4.6.4)
CVE-2026-3201 (USB HID protocol dissector memory exhaustion in Wireshark 4.6.0
to 4.6 ...)
- wireshark 4.6.4-1
[trixie] - wireshark <no-dsa> (Minor issue)
[bookworm] - wireshark <no-dsa> (Minor issue)
+ [bullseye] - wireshark <not-affected> (bullseye has
MAX_REPORT_DESCRIPTOR_COUNT limit check)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-05.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20972
+ NOTE: Fixed by:
https://gitlab.com/wireshark/wireshark/-/commit/f87c426b30e99363bc92dea33d27ea1ebb670be1
(master)
+ NOTE: Fixed by:
https://gitlab.com/wireshark/wireshark/-/commit/168bf057756391ce517e5b02fee63f0361a3e430
(v4.6.4)
+ NOTE: Fixed by:
https://gitlab.com/wireshark/wireshark/-/commit/5e80615ebc95c3f57235ab2699b03e45d8071a1c
(v4.4.14)
CVE-2026-3197
REJECTED
CVE-2026-3194 (A flaw has been found in Chia Blockchain 2.1.0. The affected
element i ...)
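Review bot: the `<not-affected>` reason on the added bullseye line for CVE-2026-3201 names the MAX_REPORT_DESCRIPTOR_COUNT check, but the history that makes it true (the limit existed upstream for a while, was later removed, and bullseye carries the commit that has it) appears only in the commit message. Suggest a NOTE under this entry recording the upstream commit that introduced the limit and the one that removed it, so the claim can be rechecked from data/CVE/list alone and it is clear why trixie and bookworm stay `<no-dsa>` while the older suite is not affected.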
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6deb73c15d9de77368dfad76ac847f87dea46bfa
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits