Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 19028585 by Salvatore Bonaccorso at 2026-05-14T07:07:52+02:00 Some whreshark updtes for bookworm were already included via DSA 6249-1 The were accepted in the archive in the +deb12u2 version and the DSA 6249-1 did build on top of it. Thus for tracking use the version which would have landed in the archive and is a released version (and as well found via snapshots.d.o) Link: https://snapshot.debian.org/package/wireshark/4.0.17-0%2Bdeb12u2/ - - - - - 2 changed files: - data/CVE/list - data/next-oldstable-point-update.txt Changes: ===================================== data/CVE/list ===================================== @@ -59846,7 +59846,7 @@ CVE-2026-0961 (BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4. CVE-2026-0960 (HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 all ...) {DSA-6124-1 DLA-4479-1} - wireshark 4.6.3-1 (bug #1125690) - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 NOTE: https://www.wireshark.org/security/wnpa-sec-2026-04.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20944 CVE-2026-0959 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4 ...) @@ -80503,13 +80503,13 @@ CVE-2025-55181 (Sending an HTTP request/response body with greater than 2^31 byt CVE-2025-13946 (MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 t ...) {DSA-6124-1 DLA-4479-1} - wireshark 4.6.2-1 - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 NOTE: https://www.wireshark.org/security/wnpa-sec-2025-08.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20884 CVE-2025-13945 (HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of se ...) {DSA-6124-1 DLA-4479-1} - wireshark 4.6.2-1 - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 NOTE: https://www.wireshark.org/security/wnpa-sec-2025-07.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20860 CVE-2025-13646 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...) @@ -83005,7 +83005,7 @@ CVE-2025-25613 (FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabi CVE-2025-13499 (Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows de ...) {DSA-6124-1 DLA-4479-1} - wireshark 4.6.1-1 - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 NOTE: https://www.wireshark.org/security/wnpa-sec-2025-06.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20823 CVE-2025-13485 (A security flaw has been discovered in itsourcecode Online File Manage ...) @@ -95782,7 +95782,7 @@ CVE-2025-31717 (In modem, there is a possible system crash due to improper input CVE-2025-11626 (MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to ...) {DSA-6124-1 DLA-4479-1} - wireshark 4.6.0-1 (bug #1117852) - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 NOTE: https://www.wireshark.org/security/wnpa-sec-2025-04.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20724 CVE-2025-11593 (A flaw has been found in CodeAstro Gym Management System 1.0. This vul ...) @@ -111948,7 +111948,7 @@ CVE-2025-9831 (A weakness has been identified in PHPGurukul Beauty Parlour Manag CVE-2025-9817 (SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of servi ...) {DSA-6124-1} - wireshark 4.4.9-1 - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 [bullseye] - wireshark <not-affected> (Vulnerable code introduced later) NOTE: https://www.wireshark.org/security/wnpa-sec-2025-03.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20642 @@ -139582,7 +139582,7 @@ CVE-2025-5601 (Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to {DLA-4479-1} [experimental] - wireshark 4.4.7-0exp1 - wireshark 4.4.7-1 (bug #1107515) - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 NOTE: https://www.wireshark.org/security/wnpa-sec-2025-02.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20509 CVE-2025-5600 (A vulnerability, which was classified as critical, has been found in T ...) @@ -175752,7 +175752,7 @@ CVE-2025-21355 (Missing Authentication for Critical Function in Microsoft Bing a NOT-FOR-US: Microsoft CVE-2025-1492 (Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 ...) - wireshark 4.4.4-1 - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 [bullseye] - wireshark <not-affected> (Vulnerable dissector not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2025-01.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20373 @@ -201234,7 +201234,7 @@ CVE-2024-52067 (Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 CVE-2024-11596 (ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 al ...) {DLA-4479-1} - wireshark 4.4.2-1 - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 NOTE: https://www.wireshark.org/security/wnpa-sec-2024-15.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20214 CVE-2024-11595 (FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2 ...) @@ -215251,7 +215251,7 @@ CVE-2024-9796 (The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not s CVE-2024-9781 (AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4. ...) {DLA-4479-1} - wireshark 4.4.1-1 - [bookworm] - wireshark <no-dsa> (Minor issue) + [bookworm] - wireshark 4.0.17-0+deb12u2 NOTE: https://www.wireshark.org/security/wnpa-sec-2024-13.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20114 CVE-2024-9780 (ITS dissector crash in Wireshark 4.4.0 allows denial of service via pa ...) ===================================== data/next-oldstable-point-update.txt ===================================== @@ -50,26 +50,6 @@ CVE-2026-27810 [bookworm] - calibre 6.13.0+repack-2+deb12u6 CVE-2025-64329 [bookworm] - containerd 1.6.20~ds1-1+deb12u3 -CVE-2024-11596 - [bookworm] - wireshark 4.0.17-0+deb12u2 -CVE-2025-5601 - [bookworm] - wireshark 4.0.17-0+deb12u2 -CVE-2024-9781 - [bookworm] - wireshark 4.0.17-0+deb12u2 -CVE-2025-11626 - [bookworm] - wireshark 4.0.17-0+deb12u2 -CVE-2025-13499 - [bookworm] - wireshark 4.0.17-0+deb12u2 -CVE-2025-13945 - [bookworm] - wireshark 4.0.17-0+deb12u2 -CVE-2025-13946 - [bookworm] - wireshark 4.0.17-0+deb12u2 -CVE-2025-9817 - [bookworm] - wireshark 4.0.17-0+deb12u2 -CVE-2026-0960 - [bookworm] - wireshark 4.0.17-0+deb12u2 -CVE-2025-1492 - [bookworm] - wireshark 4.0.17-0+deb12u2 CVE-2025-48038 [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4 CVE-2025-48039 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/190285855867f1c111527bdb4b400ba8f810e390 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/190285855867f1c111527bdb4b400ba8f810e390 You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
