Source: wireshark Version: 2.2.7-1 Severity: important Tags: upstream security Forwarded: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
Hi, the following vulnerability was published for wireshark. CVE-2017-9616[0]: | In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion | (uncontrolled recursion) in the dissect_mp4_box function in | epan/dissectors/file-mp4.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9616 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9616 [1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777 Please adjust the affected versions in the BTS as needed. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
