Bug#857119: unblock: wireshark/2.2.5+g440fd4d-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Tags: patch
Dear Release Team,
I have prepared wireshark 2.2.5+g440fd4d-1 in experimental which fixes
9 vulnerabilities and other bugs which are not listed here, just on
the release notes link.
Changes:
wireshark (2.2.5+g440fd4d-1) experimental; urgency=medium
.
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.5.html
- security fixes:
- The STANAG 4607 file parser could go into an infinite loop
(CVE-2017-6014)
- The NetScaler file parser could go into an infinite loop
(CVE-2017-6467)
- The NetScaler file parser could crash (CVE-2017-6468)
- The LDSS dissector could crash (CVE-2017-6469)
- The IAX2 dissector could go into an infinite loop
(CVE-2017-6470)
- The WSP dissector could go into an infinite loop (CVE-2017-6471)
- The RTMTP dissector could go into an infinite loop
(CVE-2017-6472)
- The K12 file parser could crash (CVE-2017-6473)
- The NetScaler file parser could go into an infinite loop
(CVE-2017-6474)
* Update symbols file for libwireshark8
I believe wireshark point releases very rarely cause regressions due
to the heavy testing performed upstream and I think it would be safe
to upload this point release to unstable and let it migrate to
testing.
If you wouldn't like to accept the full point release to Stretch I
will happily backport the security fixes to 2.2.4 and upload that to
unstable.
Please find the patch in the following link because it was too big for
inclusion in the email:
https://people.debian.org/~rbalint/wireshark_2.2.5+g440fd4d-1.patch
Please share your preference regarding the next upload.
Cheers,
Balint
unblock wireshark/2.2.5+g440fd4d-2
Reply to: