
Bug#975932: marked as done (buster-pu: package wireshark/2.6.20-0+deb10u1)



Your message dated Sat, 06 Feb 2021 10:39:26 +0000
with message-id <6425525e38201ecf9a2d3e0f1e63c0d3b08e0fc0.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for updates in 10.8
has caused the Debian Bug report #975932,
regarding buster-pu: package wireshark/2.6.20-0+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
975932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975932
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

This update fixes the 14 non-dsa CVEs in buster by upgrading
to 2.6.20 (12 CVEs fixed) plus two fixes for additional CVEs.

Wireshark is a package where upstream is followed,
and will likely eventually be upgraded to a 3.x release
in a DSA at some point in the future. That's why this
pu request updates to the final 2.6 release (on top of
the last 2.6 release that was in unstable) instead of
backporting all CVE fixes.

The attached debdiff only includes changes to debian/
diff -Nru wireshark-2.6.8/debian/changelog wireshark-2.6.20/debian/changelog
--- wireshark-2.6.8/debian/changelog	2019-05-27 17:08:44.000000000 +0300
+++ wireshark-2.6.20/debian/changelog	2020-11-26 21:21:18.000000000 +0200
@@ -1,3 +1,46 @@
+wireshark (2.6.20-0+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * New upstream version including the following security fixes:
+    - CVE-2019-16319: The Gryphon dissector could go into an infinite loop.
+    - CVE-2019-19553: The CMS dissector could crash.
+    - CVE-2020-7045: The BT ATT dissector could crash.
+    - CVE-2020-9428: The EAP dissector could crash.
+    - CVE-2020-9430: The WiMax DLMAP dissector could crash.
+    - CVE-2020-9431: The LTE RRC dissector could leak memory.
+    - CVE-2020-11647: The BACapp dissector could crash. (Closes: #958213)
+    - CVE-2020-13164: The NFS dissector could crash.
+    - CVE-2020-15466: The GVCP dissector could go into an infinite loop.
+    - CVE-2020-25862: The TCP dissector could crash.
+    - CVE-2020-25863: The MIME Multipart dissector could crash.
+  * Adjust 17_libdir_location.patch for context changes.
+  * Since Wireshark 2.6.14 tests are run automatically by debhelper,
+    backport the build fix and making test failures non-fatal.
+  * CVE-2020-26575: The Facebook Zero Protocol (aka FBZERO) dissector
+    could enter an infinite loop. (Closes: #974688)
+  * CVE-2020-28030: The GQUIC dissector could crash. (Closes: #974689)
+
+ -- Adrian Bunk <bunk@debian.org>  Thu, 26 Nov 2020 21:21:18 +0200
+
+wireshark (2.6.10-1) unstable; urgency=medium
+
+  * New upstream version 2.6.10
+     - security fixes:
+       - ASN.1 BER and related dissectors crash (CVE-2019-13619)
+     - fix QIcon crash on exit on Ubuntu 16.04 with Qt 5.5.1 (LP: #1803808)
+  * debian/gitlab-ci.yml: User minimal reference configuration
+
+ -- Balint Reczey <rbalint@ubuntu.com>  Wed, 17 Jul 2019 23:23:05 +0200
+
+wireshark (2.6.9-1) unstable; urgency=medium
+
+  * Acknowledge NMU
+  * New upstream version 2.6.9
+  * Drop obsolete CVE-2019-12295.patch
+  * Refresh patches
+
+ -- Balint Reczey <rbalint@ubuntu.com>  Thu, 30 May 2019 22:13:15 +0200
+
 wireshark (2.6.8-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
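Review bot: The 2.6.20-0+deb10u1 entry lists 11 CVEs under "New upstream version", while the request text counts 12 fixed by the upgrade; the twelfth appears to be CVE-2019-13619, which is only mentioned in the merged 2.6.10-1 entry further down. Listing it in the top entry as well would make the stable changelog self-contained for anyone tracking the 14 CVEs. Minor wording: "backport the build fix and making test failures non-fatal" should read "make".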
diff -Nru wireshark-2.6.8/debian/gitlab-ci.yml wireshark-2.6.20/debian/gitlab-ci.yml
--- wireshark-2.6.8/debian/gitlab-ci.yml	2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/gitlab-ci.yml	2019-07-18 00:23:05.000000000 +0300
@@ -1,13 +1,3 @@
-include: https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
-
-build:
-    extends: .build-unstable
-
-lintian:
-    extends: .test-lintian
-
-autopkgtest:
-    extends: .test-autopkgtest
-
-piuparts:
-    extends: .test-piuparts
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
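Review bot: Both `include:` URLs point at `raw/master`, so the jobs that replace the removed `build`, `lintian`, `autopkgtest` and `piuparts` definitions come from a mutable branch and can change without any commit in this package. If reproducible CI results matter for the stable branch, note which jobs `pipeline-jobs.yml` is expected to provide. The file date (2019-07-18) matches the 2.6.10-1 changelog line, so this change arrives with the merged unstable history and is not part of the security fixes themselves.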
diff -Nru wireshark-2.6.8/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch wireshark-2.6.20/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch
--- wireshark-2.6.8/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch	1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch	2020-11-26 21:21:18.000000000 +0200
@@ -0,0 +1,63 @@
+From 3ff940652962c099b73ae3233322b8697b0d10ab Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Fri, 2 Oct 2020 12:42:03 -0700
+Subject: FBZERO: Make sure our offset advances.
+
+Make sure our offset advances so that we don't infinitely loop.
+Fixes #16887.
+---
+ epan/dissectors/packet-fbzero.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-fbzero.c b/epan/dissectors/packet-fbzero.c
+index 16ffb63cf1..132079cfaa 100644
+--- a/epan/dissectors/packet-fbzero.c
++++ b/epan/dissectors/packet-fbzero.c
+@@ -66,6 +66,7 @@ static gint ett_fb_zero_tag_value = -1;
+ static expert_field ei_fb_zero_tag_undecoded = EI_INIT;
+ static expert_field ei_fb_zero_tag_length = EI_INIT;
+ static expert_field ei_fb_zero_tag_unknown = EI_INIT;
++static expert_field ei_fb_zero_length_invalid = EI_INIT;
+ 
+ #define FBZERO_MIN_LENGTH 3
+ 
+@@ -261,18 +262,26 @@ dissect_fb_zero_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *fb_zero_tree,
+                                  "Dissector for FB Zero Tag"
+                                  " %s (%s) code not implemented, Contact"
+                                  " Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
+-                tag_offset += tag_len;
++                goto end;
+             break;
+         }
+ 
+         if(tag_offset != offset_end){
+             /* Wrong Tag len... */
+             proto_tree_add_expert(tag_tree, pinfo, &ei_fb_zero_tag_unknown, tvb, tag_offset_start + tag_offset, offset_end - tag_offset);
+-            tag_offset = offset_end;
++            // XXX Return instead?
++            goto end;
+         }
+ 
+         tag_number--;
+     }
++
++    end:
++    if (offset + total_tag_len <= offset) {
++        expert_add_info_format(pinfo, fb_zero_tree, &ei_fb_zero_length_invalid,
++                         "Invalid total tag length: %u", total_tag_len);
++        return offset + tvb_reported_length_remaining(tvb, offset);
++    }
+     return offset + total_tag_len;
+ 
+ }
+@@ -562,6 +571,7 @@ proto_register_fb_zero(void)
+         { &ei_fb_zero_tag_undecoded, { "fb_zero.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for FB Zero Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
+         { &ei_fb_zero_tag_length, { "fb_zero.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
+         { &ei_fb_zero_tag_unknown, { "fb_zero.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
++        { &ei_fb_zero_length_invalid, { "fb_zero.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid length", EXPFILL }},
+     };
+ 
+     expert_module_t *expert_fb_zero;
+-- 
+2.20.1
+
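Review bot: In the `dissect_fb_zero_tag` hunk, the guard `if (offset + total_tag_len <= offset)` relies on unsigned wraparound to detect an oversized `total_tag_len`, and the types of `offset` and `total_tag_len` are not visible here; if either is signed, the overflow it is meant to catch is undefined behaviour and the compiler may drop the check. An explicit comparison of `total_tag_len` against `tvb_reported_length_remaining(tvb, offset)` would state the intent directly and would also catch lengths that do not wrap but still run past the buffer. Two smaller points in the same hunk: the `break;` after the first `goto end;` is now unreachable, and `// XXX Return instead?` leaves an open question inside a security fix, so either resolve it or say in the patch header why `goto end` was chosen.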
diff -Nru wireshark-2.6.8/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch wireshark-2.6.20/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch
--- wireshark-2.6.8/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch	1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch	2020-11-26 21:21:18.000000000 +0200
@@ -0,0 +1,58 @@
+From 7dd685e4c0b7d049695b302f2cce732cdf15085c Mon Sep 17 00:00:00 2001
+From: Richard Smith <pcy190@126.com>
+Date: Sat, 10 Oct 2020 18:25:57 +0800
+Subject: GQUIC: make sure our tag offset advances.
+
+Make sure gquic tag offset advances so that we don't infinitely loop.
+---
+ epan/dissectors/packet-gquic.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-gquic.c b/epan/dissectors/packet-gquic.c
+index 581499d7d0..955301b91f 100644
+--- a/epan/dissectors/packet-gquic.c
++++ b/epan/dissectors/packet-gquic.c
+@@ -185,6 +185,7 @@ static expert_field ei_gquic_tag_undecoded = EI_INIT;
+ static expert_field ei_gquic_tag_length = EI_INIT;
+ static expert_field ei_gquic_tag_unknown = EI_INIT;
+ static expert_field ei_gquic_version_invalid = EI_INIT;
++static expert_field ei_gquic_length_invalid = EI_INIT;
+ 
+ typedef struct gquic_info_data {
+     guint8 version;
+@@ -1604,7 +1605,7 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, gui
+                                  "Dissector for (Google) QUIC Tag"
+                                  " %s (%s) code not implemented, Contact"
+                                  " Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
+-                tag_offset += tag_len;
++                goto end;
+             break;
+         }
+         if(tag_offset != offset_end){
+@@ -1615,6 +1616,13 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, gui
+ 
+         tag_number--;
+     }
++
++    end:
++    if (offset + total_tag_len <= offset) {
++        expert_add_info_format(pinfo, gquic_tree, &ei_gquic_length_invalid,
++                                "Invalid total tag length: %u", total_tag_len);
++        return offset + tvb_reported_length_remaining(tvb, offset);
++    }
+     return offset + total_tag_len;
+ 
+ }
+@@ -2873,7 +2881,8 @@ proto_register_gquic(void)
+         { &ei_gquic_tag_undecoded, { "gquic.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for (Google)QUIC Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
+         { &ei_gquic_tag_length, { "gquic.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
+         { &ei_gquic_tag_unknown, { "gquic.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
+-        { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }}
++        { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }},
++        { &ei_gquic_length_invalid, { "gquic.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid Length", EXPFILL }}
+     };
+ 
+     expert_module_t *expert_gquic;
+-- 
+2.20.1
+
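Review bot: Unlike the FBZERO patch, this one changes only the default-case `tag_offset += tag_len;` to `goto end;`; the body of the `if(tag_offset != offset_end)` branch falls between the second and third hunks and is left untouched, so confirm that path cannot leave the loop without making progress. The commit message has no upstream issue reference (the FBZERO one has `Fixes #16887`), and the changelog is the only place tying this patch to CVE-2020-28030, so a reference line in the patch header would help. The same wraparound caveat applies to `offset + total_tag_len <= offset`, and the `break;` after `goto end;` is dead code.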
diff -Nru wireshark-2.6.8/debian/patches/03_no_version_in_gtk_title.patch wireshark-2.6.20/debian/patches/03_no_version_in_gtk_title.patch
--- wireshark-2.6.8/debian/patches/03_no_version_in_gtk_title.patch	2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/patches/03_no_version_in_gtk_title.patch	2019-07-18 00:23:05.000000000 +0300
@@ -1,6 +1,6 @@
 --- a/epan/prefs.c
 +++ b/epan/prefs.c
-@@ -4108,7 +4108,7 @@
+@@ -4105,7 +4105,7 @@
      prefs.gui_prepend_window_title   = g_strdup("");
      g_free(prefs.gui_start_title);
      prefs.gui_start_title            = g_strdup("The World's Most Popular Network Protocol Analyzer");
diff -Nru wireshark-2.6.8/debian/patches/17_libdir_location.patch wireshark-2.6.20/debian/patches/17_libdir_location.patch
--- wireshark-2.6.8/debian/patches/17_libdir_location.patch	2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/patches/17_libdir_location.patch	2020-11-26 21:21:18.000000000 +0200
@@ -5,7 +5,7 @@
 
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -1477,7 +1477,7 @@
+@@ -1473,7 +1473,7 @@
  
  set( prefix "${CMAKE_INSTALL_PREFIX}" )
  set( exec_prefix "\${prefix}" )
@@ -23,5 +23,5 @@
 -set(Wireshark_LIB_DIR           "@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@")
 +set(Wireshark_LIB_DIR           "@CMAKE_INSTALL_LIBDIR@")
  set(Wireshark_INCLUDE_DIR       "@CMAKE_INSTALL_PREFIX@/include/wireshark")
- set(Wireshark_CMAKE_MODULES_DIR "@CMAKE_INSTALL_MODULES_DIR@")
+ set(Wireshark_CMAKE_MODULES_DIR "@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_MODULES_DIR@")
  
diff -Nru wireshark-2.6.8/debian/patches/CVE-2019-12295.patch wireshark-2.6.20/debian/patches/CVE-2019-12295.patch
--- wireshark-2.6.8/debian/patches/CVE-2019-12295.patch	2019-05-27 17:07:19.000000000 +0300
+++ wireshark-2.6.20/debian/patches/CVE-2019-12295.patch	1970-01-01 02:00:00.000000000 +0200
@@ -1,42 +0,0 @@
-Description: CVE-2019-12295
- In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14,
- the dissection engine could crash. This was addressed in
- epan/packet.c by restricting the number of layers and
- consequently limiting recursion.
-Origin: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
-Bug-Debian: https://bugs.debian.org/929446
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/epan/packet.c
-+++ b/epan/packet.c
-@@ -725,6 +725,13 @@
- call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb,
- 			  packet_info *pinfo_arg, proto_tree *tree, void *);
- 
-+/*
-+ * XXX packet_info.curr_layer_num is a guint8 and *_MAX_RECURSION_DEPTH is
-+ * 100 elsewhere in the code. We should arguably use the same value here,
-+ * but using that makes suite_wslua.case_wslua.test_wslua_dissector_fpm fail.
-+ */
-+#define PINFO_LAYER_MAX_RECURSION_DEPTH 500
-+
- static int
- call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo_arg,
- 		    proto_tree *tree, gboolean add_proto_name, void *data)
-@@ -747,6 +754,7 @@
- 	saved_proto = pinfo->current_proto;
- 	saved_can_desegment = pinfo->can_desegment;
- 	saved_layers_len = wmem_list_count(pinfo->layers);
-+	DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
- 
- 	/*
- 	 * can_desegment is set to 2 by anyone which offers the
-@@ -2675,6 +2683,8 @@
- 	saved_layers_len = wmem_list_count(pinfo->layers);
- 	*heur_dtbl_entry = NULL;
- 
-+	DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
-+
- 	for (entry = sub_dissectors->dissectors; entry != NULL;
- 	    entry = g_slist_next(entry)) {
- 		/* XXX - why set this now and above? */
diff -Nru wireshark-2.6.8/debian/patches/series wireshark-2.6.20/debian/patches/series
--- wireshark-2.6.8/debian/patches/series	2019-05-27 17:03:48.000000000 +0300
+++ wireshark-2.6.20/debian/patches/series	2020-11-26 21:21:18.000000000 +0200
@@ -4,4 +4,5 @@
 09_idl2wrs.patch
 16_licence_about_location.patch
 17_libdir_location.patch
-CVE-2019-12295.patch
+0001-FBZERO-Make-sure-our-offset-advances.patch
+0001-GQUIC-make-sure-our-tag-offset-advances.patch
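Review bot: Both added entries keep the `0001-` prefix from `git format-patch`, and neither file name carries its CVE id the way the removed `CVE-2019-12295.patch` did, so the series file no longer shows which CVE each patch addresses. Renaming them, or adding DEP-3 `Description`/`Origin`/`Bug-Debian` headers like the removed patch had, would make later audits of this stable update easier.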
diff -Nru wireshark-2.6.8/debian/rules wireshark-2.6.20/debian/rules
--- wireshark-2.6.8/debian/rules	2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/rules	2020-11-26 21:21:18.000000000 +0200
@@ -88,6 +88,10 @@
 		debian/wireshark-dev/usr/share/pyshared/wireshark_be.py \
 		debian/wireshark-dev/usr/share/pyshared/wireshark_gen.py
 
+override_dh_auto_test:
+	$(MAKE) -C obj-* test-programs
+	-dh_auto_test
+
 override_dh_clean:
 	test ! -f version.conf.bak || mv version.conf.bak version.conf
 	dh_clean
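Review bot: The leading `-` on `-dh_auto_test` makes make ignore every test failure, so a regression introduced by the jump from 2.6.8 to 2.6.20 would not stop the build. If only specific tests are known to fail in the buster build environment, skipping those would keep the rest of the suite as a gate; at minimum the build log should be checked for failures before upload. `$(MAKE) -C obj-* test-programs` also assumes the glob matches exactly one directory.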

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.8

Hi,

Each of the updates referenced by these bugs was included in today's
10.8 point release.

Regards,

Adam

--- End Message ---
