Re: [SECURITY] [DLA 497-1] wireshark security update
Dear LTS Team,
2016-05-31 14:19 GMT+02:00 Bálint Réczey <balint@balintreczey.hu>:
> Hi Bjoern,
>
> 2016-05-31 13:27 GMT+02:00 Bjoern Nyjorden <brn@iinet.net.au>:
>> Hi there;
>>
>> Unfortunately, as at 11:17 (+0000); This UPDATE IS NOT AVAILABLE at the
>> AUSTRALIAN REGION MIRROR (IP: 150.203.164.61) of:
>>
>> http://security.debian.org/debian-security/pool/updates/main/w/wireshark/
>>
>> If the update is already available at other IPs for the above address, can
>> someone please ensure that it is pushed out to the Australian Region mirror
>> at the earliest opportunity?
>
> I'm deeply sorry for sending out the DLA too early. The update will be available
> soon in the archive.
>
> For the record all of the vulnerabilities listed in the DLA are public
> thus receiving
> the email early does not pose extra risk for the systems having the previous
> version of the package.
I have uploaded the package to security-master yesterday and prepared
the DLA today.
I have misread the description of debian-lts-announce and thought it
was moderated, too,
like debian-lts-changes, thus I expected the DLA to be held back if it
comes early.
While I will keep in mind _not_ sending the DLA out too erarly, would
it make sense
to make debian-lts-announce moderated to catch mistakes like mine?
Thanks,
Balint
>
> Thanks,
> Balint
>
>>
>> Thanking you in advance,
>> Bjoern.
>>
>>
>> On 31/05/16 18:22, Balint Reczey wrote:
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>
>>> Package : wireshark
>>> Version : 1.12.1+g01b65bf-4+deb8u6~deb7u1
>>> CVE ID : CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055
>>> CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059
>>> CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-1572
>>> CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576
>>> CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580
>>> CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482
>>> CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-4079
>>> CVE-2013-4080 CVE-2013-4927 CVE-2013-4929 CVE-2013-4931
>>> CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 CVE-2013-7112
>>> CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006
>>> CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082
>>> CVE-2016-4085
>>>
>>> Multiple vulnerabilities were discovered in the dissectors/parsers for
>>> PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.
>>>
>>> This update also fixes many older less important issues by updating the
>>> package to the version found in Debian 8 also known as Jessie.
>>>
>>> For Debian 7 "Wheezy", these problems have been fixed in version
>>> 1.12.1+g01b65bf-4+deb8u6~deb7u1.
>>>
>>> We recommend that you upgrade your wireshark packages.
>>>
>>> Further information about Debian LTS security advisories, how to apply
>>> these updates to your system and frequently asked questions can be
>>> found at: https://wiki.debian.org/LTS
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2
>>>
>>> iQIcBAEBCAAGBQJXTWXnAAoJEPZk0la0aRp9b/EQAIskixovlNrvyC2YNJY/COvR
>>> qcMChf8hCa3N8ghW7U2nVvf7I7215CHqFjt5L7JaORkmTYCoethud7f9FgA/Os2L
>>> lpsRSCs0i2MOIKMcDdYd/2gF0k164uBsHnIKeZujr0mn4u98mYTgeWvuP/bBN8th
>>> VLhKzkrJFLhEDOeKStjL9sQ1de2tH4SOPPNxbo1hqXVNd8oPUGkfT5goAy8LzuUx
>>> m6xMOcBu1Ee+koJeJ94HpSydwPVcXVZse/w1gShllcPyCfASzNQP3pYWQRr9tDas
>>> cs3eNCUPpGsF/zmNlxea1IXVaaPdTsTiYATMykOcKj46MNXh3/dl0LiqpvSFbm1C
>>> TOvIIpEkXaQvka3qlXZ14yVMvQhSFxuqvE6147cCNk1eL46wySZ4587HxsSLyeaP
>>> c/FvRzBZlB/n4aF0N3ORKY6J0LkVMfr5Ye0nfPJVnp5ExYsLoHu+0uwdagi72yIb
>>> tHLN49ixPj9c2DePami1YOBBNyMB/AZqCpZMWyoHQ+3FriMq80u5snQLbgwXOMNH
>>> 7/GcoTITNdSUNR/VZU1Uc0PA6jh5tNr33luldLwyzLUVHlLnTy3IsEas4XmSVu4r
>>> mmveoxqvLCUBrpcoXdBlZYX6d52MD50KHXV8ZfkAnEQxqCC/316VM00pa5t+zVUf
>>> iwHPgkBSHx/+O9PFz7/f
>>> =Be8K
>>> -----END PGP SIGNATURE-----
>>>
>>
Reply to: