Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

I have prepared wireshark 2.2.6+g32dac6a-1 in experimental which fixes
10 vulnerabilities and other bugs which are not listed here, just on
the release notes link.

Changes:
 wireshark (2.2.6+g32dac6a-1) experimental; urgency=medium
 .
   * New upstream release
     - release notes:
       https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
     - security fixes:
       - The IMAP dissector could crash (CVE-2017-7703)
       - The WBXML dissector could enter an infinite loop (CVE-2017-7702)
       - The NetScaler file parser could enter an infinite loop
         (CVE-2017-7700)
       - The RPCoRDMA dissector could enter an infinite loop (CVE-2017-7705)
       - The BGP dissector could enter an infinite loop (CVE-2017-7701)
       - The DOF dissector could enter an infinite loop (CVE-2017-7704)
       - The PacketBB dissector could crash (CVE-2017-7747)
       - The SLSK dissector could enter a long loop (CVE-2017-7746)
       - The SIGCOMP dissector could enter an infinite loop
         (CVE-2017-7745)
       - The WSP dissector could enter an infinite loop (CVE-2017-7748)

I believe wireshark point releases very rarely cause regressions due
to the heavy testing performed upstream and I think it would be safe
to upload this point release to unstable and let it migrate to
testing.

If you wouldn't like to accept the full point release to Stretch I
will happily backport the security fixes to 2.2.5 and upload that to
unstable.

Please share your preference regarding the next upload.

Cheers,
Balint

unblock wireshark/2.2.6+g32dac6a-2

Attachment:
wireshark_2.2.6+g32dac6a-1.patch.gz
Description: GNU Zip compressed data