Hello,
The ethereal project released 0.10.11 today which fixes even more
security issues than the usual release, they are detailed in
http://www.ethereal.com/appnotes/enpa-sa-00019.html
and summarized in the Debian changelog entry:
ethereal (0.10.11-1) unstable; urgency=high
* New upstream release; urgency high since it fixes security issues in the
following dissectors:
* format string vulnerabilities: ANSI A, DHCP
* segmentation faults: GSM MAP, AIM, TZSP, Bittorrent, SMB, GSM, SMB
NETLOGON
* buffer overflows: DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS,
OCSP, PKIX1Explitit, PKIX Qualified, X.509, NCP, ISUP, TCAP,
Presentation
* null pointer exception: KINK, WSP, SMB Mailslot, H.245, MGCP, RPC
* infinite loops: LMP, EIGRP, MEGACO, L2TP
* uncaught assertions: Telnet, 802.3, BER, IAX2, RADIUS, SMB PIPE, MRDISC
* memory exhaustion: DICOM
* unclassified: Fibre Channel, LDAP, NTLMSSP
-- Frederic Peters <fpeters@debian.org> Thu, 5 May 2005 08:43:00 +0200
Can I upload this to testing-proposed-updates ? And is the correct
way simply to change the changelog first line to:
ethereal (0.10.11-1) testing-proposed-updated unstable; urgency=high
?
Regards,
Frederic
Attachment:
signature.asc
Description: Digital signature