Bug#857119: unblock: wireshark/2.2.5+g440fd4d-2
Control: tags -1 confirmed moreinfo
On 08/03/17 09:52, Balint Reczey wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> Tags: patch
>
> Dear Release Team,
>
> I have prepared wireshark 2.2.5+g440fd4d-1 in experimental which fixes
> 9 vulnerabilities and other bugs which are not listed here, just on
> the release notes link.
>
> Changes:
> wireshark (2.2.5+g440fd4d-1) experimental; urgency=medium
> .
> * New upstream release
> - release notes:
> https://www.wireshark.org/docs/relnotes/wireshark-2.2.5.html
> - security fixes:
> - The STANAG 4607 file parser could go into an infinite loop
> (CVE-2017-6014)
> - The NetScaler file parser could go into an infinite loop
> (CVE-2017-6467)
> - The NetScaler file parser could crash (CVE-2017-6468)
> - The LDSS dissector could crash (CVE-2017-6469)
> - The IAX2 dissector could go into an infinite loop
> (CVE-2017-6470)
> - The WSP dissector could go into an infinite loop (CVE-2017-6471)
> - The RTMTP dissector could go into an infinite loop
> (CVE-2017-6472)
> - The K12 file parser could crash (CVE-2017-6473)
> - The NetScaler file parser could go into an infinite loop
> (CVE-2017-6474)
> * Update symbols file for libwireshark8
>
> I believe wireshark point releases very rarely cause regressions due
> to the heavy testing performed upstream and I think it would be safe
> to upload this point release to unstable and let it migrate to
> testing.
>
> If you wouldn't like to accept the full point release to Stretch I
> will happily backport the security fixes to 2.2.4 and upload that to
> unstable.
Please go ahead with 2.2.5, and remove the moreinfo tag once it is accepted and
built on all release architectures.
Cheers,
Emilio