[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-29 Thread Adolfo Jayme
** Changed in: wireshark (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1397091 Title: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-28 Thread Balint Reczey
@Marc: With upgrading Wireshark to a next stable branch netexpect will FTBFS: https://launchpad.net/ubuntu/+source/netexpect I think Evan's proposal is the best so far. I have fixed all important CVE-s in Debian.

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-28 Thread Thomas Ward
Marc: That's an option, of course, and I'd be happy to start doing that, the issue is going to be with Precise being on an unsupported release for which fixes aren't backported into anymore (whereas in 1.10 for Trusty, there's already fix backports upstream, based on what I'm able to tell so far.

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-28 Thread Thomas Ward
Attaching the full content of the email from Evan to me, in response to my asking for details as to the main reason 1.8.x was suggested in Precise instead: The main reason is that wireshark is not just a userspace application - it is also an API. A substantial number of companies have private inte

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-28 Thread Marc Deslauriers
What third party plugins would that be? Do we ship any in the archive? While I was ok with updating them to the latest version everywhere to simplify future maintenance, I am not ok with sponsoring updates to random versions. The proper way to fix these packages is to backport the security fixes

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-28 Thread Thomas Ward
After emailing with Evan, I believe there are a few things that are not as obvious that need to be looked at prior to this bug being processed. A big major point to consider is that there are companies that have their own protocol plugins in Wireshark, and they are dependent on the API. It looks

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-28 Thread Thomas Ward
Evan, The idea I had, and the Security team seemed to suggest, was to make the update uniform - that is, the version across the releases would be identical, hence three debdiffs based on the same packaging in Vivid. I'll leave it to the Security team to decide if they don't want to do this for Pr

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-27 Thread Evan Huus
Hey there, I'm a wireshark core dev and kind of the unofficial point of contact for Ubuntu/Wireshark (along with Balint Reczey, who maintains the upstream Debian package). As far as I know, Balint has been backporting the necessary CVE fixes into the wireshark packages for Debian stable. For preci

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-27 Thread Evan Huus
For what it's worth: Wireshark upstream releases regular micro-releases, supporting each major version for at least two years. I have considered applying for an SRU MicroReleaseException [1] a couple of times in the past, but never had the time to really dig in and figure out all the requirements.

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-27 Thread Thomas Ward
** Description changed: In discussion with the Security team yesterday (November 26, 2014) in #ubuntu-hardened on IRC, I began digging through the list of Wireshark CVEs, attempting to correct the tracker and get the CVE statuses updated to reflect what actually does affect the versions in

[Bug 1397091] Re: [Security] Update Wireshark in Precise, Trusty, and Utopic to 1.12.1+g01b65bf-2 (from Vivid)

2014-11-27 Thread Thomas Ward
** Attachment added: "Precise Debdiff: 1.6.7-1 to 1.12.1+g01b65bf-2~12.04.1" https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1397091/+attachment/4269841/+files/precise_wireshark_1.6.7-1_1.12.1%2Bg01b65bf-2%7E12.04.1.debdiff.gz