Re: ethereal 0.10.11 fixes lots of security issues
* Frederic Peters (fpeters@debian.org) [050505 09:10]:
> Hello,
>
> The ethereal project released 0.10.11 today which fixes even more
> security issues than the usual release, they are detailed in
> http://www.ethereal.com/appnotes/enpa-sa-00019.html
> and summarized in the Debian changelog entry:
>
> ethereal (0.10.11-1) unstable; urgency=high
>
> * New upstream release; urgency high since it fixes security issues in the
> following dissectors:
> * format string vulnerabilities: ANSI A, DHCP
> * segmentation faults: GSM MAP, AIM, TZSP, Bittorrent, SMB, GSM, SMB
> NETLOGON
> * buffer overflows: DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS,
> OCSP, PKIX1Explitit, PKIX Qualified, X.509, NCP, ISUP, TCAP,
> Presentation
> * null pointer exception: KINK, WSP, SMB Mailslot, H.245, MGCP, RPC
> * infinite loops: LMP, EIGRP, MEGACO, L2TP
> * uncaught assertions: Telnet, 802.3, BER, IAX2, RADIUS, SMB PIPE, MRDISC
> * memory exhaustion: DICOM
> * unclassified: Fibre Channel, LDAP, NTLMSSP
>
> -- Frederic Peters <fpeters@debian.org> Thu, 5 May 2005 08:43:00 +0200
>
>
> Can I upload this to testing-proposed-updates ? And is the correct
> way simply to change the changelog first line to:
> ethereal (0.10.11-1) testing-proposed-updated unstable; urgency=high
> ?
Well, if it is a security-only release, just upload to unstable, and
I'll push it through. If there are changes not appropriate for sarge,
than please either just upload the appropriate changes (that's our
prefered policy), or upload 0.10.10-2sarge1 to t-p-u (and just write
"testing" or "testing-proposed-updates" instead of unstable there).
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
Reply to: