Accepted wireshark 1.0.0-1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 01 Apr 2008 19:48:19 +0200
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev ethereal-common ethereal-dev ethereal tethereal
Architecture: source i386
Version: 1.0.0-1
Distribution: unstable
Urgency: low
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Joost Yervante Damad <andete@debian.org>
Description:
ethereal - dummy upgrade package for ethereal -> wireshark
ethereal-common - dummy upgrade package for ethereal -> wireshark
ethereal-dev - dummy upgrade package for ethereal -> wireshark
tethereal - dummy upgrade package for ethereal -> wireshark
tshark - network traffic analyzer (console)
wireshark - network traffic analyzer
wireshark-common - network traffic analyser (common files)
wireshark-dev - network traffic analyser (development tools)
Closes: 117201 172939 369044 452381 468400 472478
Changes:
wireshark (1.0.0-1) unstable; urgency=low
.
  * Several security issues were solved in 0.99.7 already:
    (closes: #452381)
    * allow remote attackers to cause a denial of service (crash) via (1) a
      crafted MP3 file or (2) unspecified vectors to the NCP dissector
      (CVE-2007-6111)
    * Buffer overflow in the PPP dissector in Wireshark (formerly Ethereal)
      0.99.6 allows remote attackers to cause a denial of service (crash)
      and possibly execute arbitrary code via unknown vectors.
      (CVE-2007-6112)
    * Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote
      attackers to cause a denial of service (long loop) via a malformed DNP
      packet (CVE-2007-6113)
    * Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0
      through 0.99.6 allow remote attackers to cause a denial of service
      (crash) and possibly execute arbitrary code via (1) the SSL dissector
      or (2) the iSeries (OS/400) Communication trace file parser
      (CVE-2007-6114)
    * Buffer overflow in the ANSI MAP dissector for Wireshark (formerly
      Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms,
      allows remote attackers to cause a denial of service and possibly
      execute arbitrary code via unknown vectors. (CVE-2007-6115)
    * The Firebird/Interbase dissector in Wireshark (formerly Ethereal)
      0.99.6 allows remote attackers to cause a denial of service (infinite
      loop or crash) via unknown vectors. (CVE-2007-6116)
    * Unspecified vulnerability in the HTTP dissector for Wireshark
      (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote
      attack vectors related to chunked messages. (CVE-2007-6117)
    * The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6
      allows remote attackers to cause a denial of service (long loop and
      resource consumption) via unknown vectors. (CVE-2007-6118)
    * The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows
      remote attackers to cause a denial of service (long loop and resource
      consumption) via unknown vectors. (CVE-2007-6119)
    * The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to
      0.99.6 allows remote attackers to cause a denial of service (infinite
      loop) via unknown vectors. (CVE-2007-6120)
    * Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers
      to cause a denial of service (crash) via a malformed RPC Portmap
      packet. (CVE-2007-6121)
  * current wireshark has SSL support (closes: #172939)
  * and H323 support (closes: #117201)
  * resizing columns bugfix was applied last year (closes: #369044)
  * new upstream release 1.0.0
    http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html
  * remove debian/ directory from upstream
  * update 14_disable-cmip.dpatch.
  * if wireshark has no priv, it now prints:
    dumpcap: There are no interfaces on which a capture can be done
    (closes: #468400)
  * wireshark uses su-to-root now (closes: #472478)
  * vulnerabilities fixed:
    * The X.509sat and other dissectors could crash (CVE-2008-1561)
    * The LDAP dissector could crash on Windows and other platforms.
      (CVE-2008-1562)
    * The SCCP dissector could crash while using the "decode as"
      feature (CVE-2008-1563)
Files:
16caefa076423ce9ac9f3a9d3ec5ef68 1123 net optional wireshark_1.0.0-1.dsc
f3f3d2211fe8b1f4358cd9250d99abe8 17031038 net optional wireshark_1.0.0.orig.tar.gz
8541c018e28eedacb9789cd4381541bb 47800 net optional wireshark_1.0.0-1.diff.gz
b90e3a36e4460d8a7128f144ba9b9ae2 9972348 net optional wireshark-common_1.0.0-1_i386.deb
de434d2b2a44400743561c141cc1fe63 614052 net optional wireshark_1.0.0-1_i386.deb
77d564ffad0515a12f92835af8388830 110394 net optional tshark_1.0.0-1_i386.deb
5751721c30d3fa09abf6e7b5fd236e28 569014 devel optional wireshark-dev_1.0.0-1_i386.deb
c2573b5a6b395761a0cdb5af5080aa8b 24068 net optional ethereal-common_1.0.0-1_i386.deb
6ad67a615453375565c4effa1a1858c2 23682 devel optional ethereal-dev_1.0.0-1_i386.deb
6d7a3d0dde1c88645e660688a5fc89ff 23668 net optional ethereal_1.0.0-1_i386.deb
ea8a57cdb74cb573f60bea75cc6e3db0 23674 net optional tethereal_1.0.0-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH8pYL0/r2+3z8lN0RAsiaAJwP9fjQA6nBuYKpiqw8/S78n3c+GgCgtEB8
SaGV1uv74uBUuWtMftLXTkw=
=54vT
-----END PGP SIGNATURE-----
Accepted:
ethereal-common_1.0.0-1_i386.deb
to pool/main/w/wireshark/ethereal-common_1.0.0-1_i386.deb
ethereal-dev_1.0.0-1_i386.deb
to pool/main/w/wireshark/ethereal-dev_1.0.0-1_i386.deb
ethereal_1.0.0-1_i386.deb
to pool/main/w/wireshark/ethereal_1.0.0-1_i386.deb
tethereal_1.0.0-1_i386.deb
to pool/main/w/wireshark/tethereal_1.0.0-1_i386.deb
tshark_1.0.0-1_i386.deb
to pool/main/w/wireshark/tshark_1.0.0-1_i386.deb
wireshark-common_1.0.0-1_i386.deb
to pool/main/w/wireshark/wireshark-common_1.0.0-1_i386.deb
wireshark-dev_1.0.0-1_i386.deb
to pool/main/w/wireshark/wireshark-dev_1.0.0-1_i386.deb
wireshark_1.0.0-1.diff.gz
to pool/main/w/wireshark/wireshark_1.0.0-1.diff.gz
wireshark_1.0.0-1.dsc
to pool/main/w/wireshark/wireshark_1.0.0-1.dsc
wireshark_1.0.0-1_i386.deb
to pool/main/w/wireshark/wireshark_1.0.0-1_i386.deb
wireshark_1.0.0.orig.tar.gz
to pool/main/w/wireshark/wireshark_1.0.0.orig.tar.gz