Thank you for preparing this update! Unfortunately I have to NACK the lucid debdiff for the following reasons:

* debian/patches/CVE-2011-0444.patch lists this as fixing https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530, and there are two commits for this (as mentioned in the patch):
  http://anonsvn.wireshark.org/viewvc?view=rev&revision=35292
  http://anonsvn.wireshark.org/viewvc?view=rev&revision=35298
  However the patch to epan/dissectors/packet-snmp.c is missing.

* debian/patches/CVE-2010-3445.patch lists this as fixing https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230, with the fix in http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ber.c?r1=34111&r2=34110&pathrev=34111&view=patch. Now, packet-ber.c differs a bit in Lucid as opposed to later releases of wireshark, but I found this at the end of the patch:

@@ -1001,7 +1013,7 @@ tmp_length = 0; tmp_ind = FALSE; - if (nest_level > BER_MAX_INDEFINITE_NESTING) { + if (nest_level > BER_MAX_NESTING) { /* Assume that we have a malformed packet. */ THROW(ReportedBoundsError); }

  The Lucid version does not have the if statement at all, but I wonder if it should use the patched version. Can you comment?

* debian/patches/CVE-2011-0538.patch uses the Debian bug for both 'Bug' and 'Bug-Debian'. It should use https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5652 for 'Bug'.

* debian/patches/CVE-2011-0713.patch has two 'Origin' statements, but no upstream 'Bug' statement. One of the Origin statements is wrong and is for CVE-2011-0538. The correct one should be http://anonsvn.wireshark.org/viewvc?revision=35953&view=revision.

* debian/patches/CVE-2011-1139.patch does not reference the upstream bug (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5661) or the Ubuntu bug (https://launchpad.net/bugs/730409)

Please adjust the debdiff for the above issues, and respond to my question regarding the 'if (nest_level > BER_MAX_NESTING)' test in the patch for CVE-2010-3445. Thanks!

** Bug watch added: Wireshark Bugzilla #5530
   http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530

** Bug watch added: Wireshark Bugzilla #5230
   http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230

** Bug watch added: Wireshark Bugzilla #5652
   http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5652

** Bug watch added: Wireshark Bugzilla #5661
   http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5661

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3445

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-0444

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-0713

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1139

--
You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/730413

Title:
  CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
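
Review bot: In the packet-ber.c hunk quoted from the CVE-2010-3445 patch, the changed test 'if (nest_level > BER_MAX_NESTING)' bounds nothing unless the target tree also defines BER_MAX_NESTING and keeps nest_level up to date across nested calls, and neither is visible in these lines. The hunk header offsets (-1001 to +1013) show that the upstream change adds lines earlier in the file, and the message states that the Lucid source has no such if statement at all, so a backport should bring over the constant's definition and the nest_level bookkeeping together with the test and its THROW(ReportedBoundsError), then confirm the guard sits on the path that handles nested elements.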
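
The header problems raised in this review (a 'Bug' field that repeats the Debian bug, more than one 'Origin' field, missing upstream or Ubuntu bug references) can be checked mechanically before a debdiff is submitted. The following is an added example, not part of the original message or of any Ubuntu tooling: a small Python lint for DEP-3 style patch headers, where the tracker host list, the sample headers and their placeholder URLs are constructed assumptions.

```python
import re

# Trackers treated as distribution-side, not upstream (assumption of this example).
DISTRO_HOSTS = ("bugs.debian.org", "launchpad.net")

def parse_dep3(text):
    """Collect {lowercased field: [values]} from the header above the diff."""
    fields, last = {}, None
    for line in text.splitlines():
        if line.startswith(("---", "diff ", "Index: ")):
            break  # header ends where the diff starts
        m = re.match(r"([A-Za-z][A-Za-z0-9-]*):(?:\s+(.*))?$", line)
        if m:
            last = m.group(1).lower()
            fields.setdefault(last, []).append((m.group(2) or "").strip())
        elif line[:1] in (" ", "\t") and last:
            fields[last][-1] += " " + line.strip()  # folded continuation line
    return fields

def lint(text):
    """Return the header problems a reviewer would raise, as strings."""
    f, problems = parse_dep3(text), []
    bugs, origins = f.get("bug", []), f.get("origin", [])
    if not bugs:
        problems.append("missing upstream Bug")
    for url in bugs:
        if any(h in url for h in DISTRO_HOSTS) or url in f.get("bug-debian", []):
            problems.append("Bug is not an upstream URL: " + url)
    if len(origins) > 1:
        problems.append("%d Origin fields, confirm each belongs to this fix" % len(origins))
    if not f.get("bug-ubuntu"):
        problems.append("missing Bug-Ubuntu")
    return problems

# Constructed headers (placeholder URLs) shaped like the cases in the review.
SAME_BUG = """Description: constructed sample
Origin: upstream, https://vcs.example.org/rev/1
Bug: https://bugs.debian.org/000001
Bug-Debian: https://bugs.debian.org/000001
Bug-Ubuntu: https://launchpad.net/bugs/000002
--- a/f.c
"""
TWO_ORIGINS = """Description: constructed sample
Origin: upstream, https://vcs.example.org/rev/2
Origin: upstream, https://vcs.example.org/rev/3
--- a/f.c
"""

if __name__ == "__main__":
    print(lint(SAME_BUG), lint(TWO_ORIGINS), sep="\n")
```

The lint cannot tell which of several 'Origin' entries is the wrong one; it only flags the header so that each revision is checked against the CVE it claims to fix.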
