Control: tags -1 moreinfo
Hi Ivo,
2017-05-27 22:42 GMT+02:00 Ivo De Decker :
> Control: tags -1 confirmed moreinfo
>
> Hi,
>
> On Fri, May 26, 2017 at 12:25:07AM +0200, Bálint Réczey wrote:
>> I have prepared wireshark 2.2.6+g32dac6a-1 in experimental which fixes
>> 10 vulnerabilities and other bugs which are not listed here, just on
>> the release notes link.
>>
>> Changes:
>> wireshark (2.2.6+g32dac6a-1) experimental; urgency=medium
>> .
>>* New upstream release
>> - release notes:
>>https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
>> - security fixes:
>>- The IMAP dissector could crash (CVE-2017-7703)
>>- The WBXML dissector could enter an infinite loop (CVE-2017-7702)
>>- The NetScaler file parser could enter an infinite loop
>> (CVE-2017-7700)
>>- The RPCoRDMA dissector enter an infinite loop (CVE-2017-7705)
>>- The BGP dissector could enter an infinite loop (CVE-2017-7701)
>>- The DOF dissector could enter an infinite loop (CVE-2017-7704)
>>- The PacketBB dissector could crash (CVE-2017-7747)
>>- The SLSK dissector could enter a long loop (CVE-2017-7746)
>>- The SIGCOMP dissector could enter an infinite loop
>> (CVE-2017-7745)
>>- The WSP dissector could enter an infinite loop (CVE-2017-7748)
>>
>>
>> I believe wireshark point releases very rarely cause regressions due
>> to the heavy testing performed upstream and I think it would be safe
>> to upload this point release to unstable and let it migrate to
>> testing.
>>
>> If you wouldn't like to accept the full point release to Stretch I
>> will happily backport the security fixes to 2.2.5 and upload that to
>> unstable.
>>
>> Please share your preference regarding the next upload.
>
> Please go ahead with the upload to unstable and remove the moreinfo tag from
> this bug once the builds are done on all the relevant architectures.
Thank you, done.
>
> Also, please note that we are very close to the release date. More info about
> the deadlines in
> https://lists.debian.org/debian-devel-announce/2017/05/msg2.html
Thanks, I sent the unblock request shortly before the deadline and was already
prepare to update it and include only the targeted fixes.
Cheers,
Balint
>
> Cheers,
>
> Ivo
>