Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

I have prepared wireshark 2.2.6+g32dac6a-1 in experimental which fixes 10 vulnerabilities and other bugs which are not listed here, just on the release notes link.

Changes:
 wireshark (2.2.6+g32dac6a-1) experimental; urgency=medium
 .
   * New upstream release
     - release notes:
       https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
     - security fixes:
       - The IMAP dissector could crash (CVE-2017-7703)
       - The WBXML dissector could enter an infinite loop (CVE-2017-7702)
       - The NetScaler file parser could enter an infinite loop (CVE-2017-7700)
       - The RPCoRDMA dissector could enter an infinite loop (CVE-2017-7705)
       - The BGP dissector could enter an infinite loop (CVE-2017-7701)
       - The DOF dissector could enter an infinite loop (CVE-2017-7704)
       - The PacketBB dissector could crash (CVE-2017-7747)
       - The SLSK dissector could enter a long loop (CVE-2017-7746)
       - The SIGCOMP dissector could enter an infinite loop (CVE-2017-7745)
       - The WSP dissector could enter an infinite loop (CVE-2017-7748)

I believe wireshark point releases very rarely cause regressions due to the heavy testing performed upstream and I think it would be safe to upload this point release to unstable and let it migrate to testing.

If you wouldn't like to accept the full point release to Stretch I will happily backport the security fixes to 2.2.5 and upload that to unstable.

Please share your preference regarding the next upload.

Cheers,
Balint

unblock wireshark/2.2.6+g32dac6a-2
Attachment:
wireshark_2.2.6+g32dac6a-1.patch.gz
Description: GNU Zip compressed data