
Bug#857119: marked as done (unblock: wireshark/2.2.5+g440fd4d-2)



Your message dated Fri, 10 Mar 2017 16:14:35 +0000
with message-id <E1cmNBb-0002AP-H9@respighi.debian.org>
and subject line unblock wireshark
has caused the Debian Bug report #857119,
regarding unblock: wireshark/2.2.5+g440fd4d-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
857119: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857119
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Tags: patch

Dear Release Team,

I have prepared wireshark 2.2.5+g440fd4d-1 in experimental which fixes
9 vulnerabilities and other bugs which are not listed here, just on
the release notes link.

Changes:
 wireshark (2.2.5+g440fd4d-1) experimental; urgency=medium
 .
   * New upstream release
     - release notes:
       https://www.wireshark.org/docs/relnotes/wireshark-2.2.5.html
     - security fixes:
       - The STANAG 4607 file parser could go into an infinite loop
         (CVE-2017-6014)
       - The NetScaler file parser could go into an infinite loop
         (CVE-2017-6467)
       - The NetScaler file parser could crash (CVE-2017-6468)
       - The LDSS dissector could crash (CVE-2017-6469)
       - The IAX2 dissector could go into an infinite loop
         (CVE-2017-6470)
       - The WSP dissector could go into an infinite loop (CVE-2017-6471)
       - The RTMTP dissector could go into an infinite loop
         (CVE-2017-6472)
       - The K12 file parser could crash (CVE-2017-6473)
       - The NetScaler file parser could go into an infinite loop
         (CVE-2017-6474)
   * Update symbols file for libwireshark8

I believe wireshark point releases very rarely cause regressions due
to the heavy testing performed upstream and I think it would be safe
to upload this point release to unstable and let it migrate to
testing.

If you wouldn't like to accept the full point release to Stretch I
will happily backport the security fixes to 2.2.4 and upload that to
unstable.

Please find the patch in the following link because it was too big for
inclusion in the email:

https://people.debian.org/~rbalint/wireshark_2.2.5+g440fd4d-1.patch

Please share your preference regarding the next upload.

Cheers,
Balint

unblock wireshark/2.2.5+g440fd4d-2

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---
