[Bug 1290100] Re: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
Synchronize the wireshark package from debian wheezy to my ppa for precise with syncpackage https://launchpad.net/~thedemon007/+archive/thedemon007 tried it and it works well. This is the debdiff he gave me. You can see in the changelog that a lot of vulnerabilities are corrected. https://launchpadlibrarian.net/169322272/wireshark_1.8.2-5wheezy10_source.changes ** Patch added: wireshark_1.6.7-1_1.8.2-5wheezy10.diff.gz https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+attachment/4023167/+files/wireshark_1.6.7-1_1.8.2-5wheezy10.diff.gz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290100 Title: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290100] Re: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
@Sebastien They should not of unsubscribed, not yet fixed in previous versions of ubuntu. @Scott To saucy can make a fake sync debian Jessie? https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue Regarding precise would have to also update the libraries. I think it is also feasible to make a fake sync from debian wheezy. I'll try to make a debdiff, and test from my ppa as soon as i can. ** Tags added: sync ** Changed in: wireshark (Ubuntu Precise) Status: New = Confirmed ** Changed in: wireshark (Ubuntu Saucy) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290100 Title: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290100] Re: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
Unsubscribing sponsors; trusty is done, there's nothing else to sponsor. ubuntu-sponsors cannot do security updates for stables. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290100 Title: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290100] Re: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
Nevermind, this is already only subscribed by security-sponsors. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290100 Title: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290100] Re: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
(ubuntu-security-sponsors should probably be unsubscribed since there is no nothing to sponsor at the moment there) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290100 Title: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290100] Re: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
I see that vulnerabilities are already corrected in all or almost all versions of debian but not yet synchronized packages. It should change the links repository, see bug #1282805 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290100 Title: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290100] Re: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
This bug was fixed in the package wireshark - 1.10.6-1 Sponsored for Alberto Jovito (thedemon007) --- wireshark (1.10.6-1) unstable; urgency=high * New upstream release 1.10.6 - release notes: https://wireshark.org/docs/relnotes/wireshark-1.10.6.html - security fixes: - The NFS dissector could crash. Discovered by Moshe Kaplan (CVE-2014-2281) - The M3UA dissector could crash. Discovered by Laurent Butti. (CVE-2014-2282) - The RLC dissector could crash. (CVE-2014-2283) - The MPEG file parser could overflow a buffer. Discovered by Wesley Neelen. (CVE-2014-2299) * Drop 10_allow-deprecated-gtk-functions.patch and 11_fix-g_memmove-ftbfs-issues.patch since they are integrated upstream. * Generate symbols files * Ship wireshark.pc for pkg-config (Closes: #740716) -- Balint Reczey bal...@balintreczey.hu Sat, 08 Mar 2014 18:26:41 +0100 ** Changed in: wireshark (Ubuntu Trusty) Importance: Undecided = High ** Changed in: wireshark (Ubuntu Saucy) Importance: Undecided = High ** Changed in: wireshark (Ubuntu Precise) Importance: Undecided = High ** Changed in: wireshark (Ubuntu Quantal) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290100 Title: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290100] Re: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
Debian has the new release, so for trusty, we can sync that. It would be really useful if you could prepare debdiffs for precise and saucy. ** Also affects: wireshark (Ubuntu Saucy) Importance: Undecided Status: New ** Also affects: wireshark (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: wireshark (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: wireshark (Ubuntu Quantal) Importance: Undecided Status: New ** Changed in: wireshark (Ubuntu) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290100 Title: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290100] Re: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos
The attachment wireshark_1.10.6-1_security_fix_trusty-proposed seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the patch flag from the attachment, remove the patch tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290100 Title: [Need update to 1.10.6] 4 Vulnerabilities buffer overflow crash ddos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1290100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
