[Bug 172283] Re: [wireshark] multiple vulnerabilities
** Changed in: wireshark Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/172283 Title: [wireshark] multiple vulnerabilities -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
(Manually flipping to "Fix Released") This has published as part of the first-ever end-to-end test run of the shiny new security-in-soyuz queues. :) ** Changed in: wireshark (Ubuntu Gutsy) Status: Fix Committed => Fix Released -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
This is building now, and will be published shortly in Gutsy. Thanks! ** Changed in: wireshark (Ubuntu Gutsy) Status: In Progress => Fix Committed -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
** Changed in: wireshark (Ubuntu Gutsy) Assignee: (unassigned) => Emanuele Gentili (emgent) Status: New => In Progress ** Changed in: wireshark (Ubuntu) Assignee: Emanuele Gentili (emgent) => (unassigned) Status: In Progress => Fix Released ** Changed in: wireshark (Ubuntu Gutsy) Importance: Undecided => Medium -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
** Changed in: wireshark (Ubuntu) Status: Confirmed => In Progress -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
@Emgent: debdiff looks good @Kees/JdStrand: can you put it on your radar pls for gutsy... Thx. \sh -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
** Changed in: wireshark (Ubuntu) Assignee: Stephan Hermann (shermann) => Emanuele Gentili (emgent) -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
** Changed in: wireshark Status: In Progress => Fix Released -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
** Changed in: wireshark Status: Unknown => In Progress -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
** Bug watch added: Gentoo Bugzilla #212149 http://bugs.gentoo.org/show_bug.cgi?id=212149 ** Also affects: wireshark via http://bugs.gentoo.org/show_bug.cgi?id=212149 Importance: Unknown Status: Unknown -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
** Attachment added: "gutsy_wireshark_0.99.6rel-3ubuntu0.2.debdiff" http://launchpadlibrarian.net/12856998/gutsy_wireshark_0.99.6rel-3ubuntu0.2.debdiff -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
yes -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
@Emanuele: Did you test it with our version in gutsy? -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
CVE-2008-1071 does not seem to be reproducible in gutsy. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2144 -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
removed duplicated CVS ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6440 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6442 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6443 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6444 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6445 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6446 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6447 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6448 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6449 -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6111 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6112 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6113 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6114 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6117 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6118 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6120 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6121 -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
Please push new CVEs into a new bugreport It's difficult (especially for wireshark) to fix all bugs in one go...so I would like to see separated bug reports... thx for you work, \sh -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
Okay, after mentioning the new CVEs in my previous comment, they suddenly showed up in the CVE references list. Weird. -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
Um, I guess the CVE references list got a little too long, because the added references won't show up any more... Adding them here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1072 Should newly discovered vulnerabilities regarding wireshark be reported in a new bug report? I'd guess I'm not the only one who's currently a bit in the dark regarding which CVEs are still affecting Ubuntu's wireshark... ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1070 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1071 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1072 -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
Also adding CVE references mentioned in MDVSA-2008:057 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:057). -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
There are also new issues in 0.99.7: >From upstream: Summary Name: Multiple problems in Wireshark® (formerly Ethereal®) versions 0.6.0 to 0.99.7 Docid: wnpa-sec-2008-01 Date: February 27, 2008 Versions affected: 0.6.0 up to and including 0.99.7 Details Description Wireshark 0.99.8 fixes the following vulnerabilities: * The SCTP dissector could crash. Versions affected: 0.99.5 to 0.99.7 * The SNMP dissector could crash. (Bugs 2144 and 2277) Versions affected: 0.99.6 to 0.99.7 * The TFTP dissector could crash Wireshark on Ubuntu 7.10. (This appears to be a bug in the Cairo library on that platform.) Reported by Noam Rathaus. Versions affected: 0.6.0 to 0.99.7 Impact It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 0.99.8. If are running Wireshark 0.99.7 or Ethereal 0.99.0 or earlier and cannot upgrade, you can work around each of the problems listed above by doing the following: * Disable the SCTP, SNMP and TFTP dissectors. o Select Analyze→Enabled Protocols... from the menu. o Make sure "SCTP," "SNMP," and "TFTP" are un-checked. o Click "Save", then click "OK". -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
I'll deal with it during the next weekend... Or as Dr. VanDoom said in "The Fantastic Four" "This will be fun..." ** Changed in: wireshark (Ubuntu) Importance: Undecided => Medium Assignee: (unassigned) => Stephan Hermann (shermann) Status: New => Confirmed -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
These CVEs are already fixed in Ubuntu... See https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/164501 * 2007-6111 * 2007-6112 * 2007-6113 * 2007-6114 * 2007-6115 * 2007-6116 * 2007-6117 * 2007-6118 * 2007-6119 * 2007-6120 * 2007-6121 -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
Also added missing CVE references mentioned in SUSE Security Summary Report SUSE-SR:2008:004. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6111 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6112 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6113 -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
Sorry, I posted a slightly wrong URL to DSA-1446-1. http://www.debian.org/security/2008/dsa-1446 -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
See also DSA-1446-1 (http://www.debian.org/security/2007/dsa-1446). ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6450 -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 172283] Re: [wireshark] multiple vulnerabilities
Further exploits for wireshark .99.6 (gutsy) http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6438 Note, these are fixed in .99.7 which is currently in hardy (security backport?) ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6438 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6439 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6440 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6441 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6442 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6443 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6444 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6445 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6446 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6447 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6448 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6449 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6451 -- [wireshark] multiple vulnerabilities https://bugs.launchpad.net/bugs/172283 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs