On Fri, Dec 5, 2025 at 9:11 PM Hitendra Prajapati via
lists.openembedded.org <[email protected]>
wrote:
>
> Upstream-Status: Backport from 
> https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7
>
> Signed-off-by: Hitendra Prajapati <[email protected]>
> ---
>  .../wireshark/files/CVE-2025-13499.patch      | 45 +++++++++++++++++++
>  .../wireshark/wireshark_4.2.12.bb             |  1 +
>  2 files changed, 46 insertions(+)
>  create mode 100644 
> meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch
>
> diff --git 
> a/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch 
> b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch
> new file mode 100644
> index 0000000000..b713cea8c4
> --- /dev/null
> +++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch
> @@ -0,0 +1,45 @@
> +From e180152d3dae668249f78c72a55a4ba436b57af7 Mon Sep 17 00:00:00 2001
> +From: Darius Davis <[email protected]>
> +Date: Sat, 25 Oct 2025 15:01:34 +1000
> +Subject: [PATCH] Kafka: Fix decompress_snappy with no xerial chunks.
> +
> +Instead of returning true without setting outputs, report a failure to
> +decompress and return false to the caller.
> +
> +Fix #20823
> +
> +(cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e)
> +
> +CVE-2025-13499
> +Upstream-Status: Backport 
> [https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7]
> +Signed-off-by: Hitendra Prajapati <[email protected]>
> +---
> + epan/dissectors/packet-kafka.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c
> +index 482a670..e537013 100644
> +--- a/epan/dissectors/packet-kafka.c
> ++++ b/epan/dissectors/packet-kafka.c
> +@@ -1788,6 +1788,7 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, 
> int offset, guint32 length,
> +             count++;
> +             DISSECTOR_ASSERT_HINT(count < MAX_LOOP_ITERATIONS, 
> "MAX_LOOP_ITERATIONS exceeded");
> +         }
> ++        ret = composite_tvb != NULL;
> +
> +     } else {
> +
> +@@ -1810,9 +1811,8 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, 
> int offset, guint32 length,
> +
> +         *decompressed_tvb = tvb_new_child_real_data(tvb, 
> decompressed_buffer, (guint)out_size, (gint)out_size);
> +         *decompressed_offset = 0;
> +-
> ++      ret = TRUE;
> +     }
> +-    ret = TRUE;
> + end:
> +     if (composite_tvb) {
> +         tvb_composite_finalize(composite_tvb);
> +--
> +2.50.1
> +
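Review bot: the bare `CVE-2025-13499` line in the embedded patch header should be written as `CVE: CVE-2025-13499`, the tag form the OpenEmbedded patch guidelines use alongside `Upstream-Status:`. In the second packet-kafka.c hunk, the added `ret = TRUE;` is indented differently from the `*decompressed_offset = 0;` line just above it in the same block; please check the whitespace against the upstream commit so the backport matches it exactly. In the first hunk, `ret = composite_tvb != NULL;` makes the result of that branch depend on whether a composite tvb was created, which agrees with the upstream commit message. The quoted commit message body itself carries only the Upstream-Status and Signed-off-by lines, so a one-line description of the fix there would help.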
> diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb 
> b/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb
> index ab6160b767..ed488a3555 100644
> --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb
> +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb

scarthgap currently has 4.2.14 so this does not apply. If the CVE is
still applicable, please rebase and test and send again.

Thanks,

Anuj