
Bug#863380: unblock: wireshark/2.2.6+g32dac6a-2



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

I have prepared wireshark 2.2.6+g32dac6a-1 in experimental which fixes
10 vulnerabilities and other bugs which are not listed here, just on
the release notes link.

Changes:
 wireshark (2.2.6+g32dac6a-1) experimental; urgency=medium
 .
   * New upstream release
     - release notes:
       https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
     - security fixes:
       - The IMAP dissector could crash (CVE-2017-7703)
       - The WBXML dissector could enter an infinite loop (CVE-2017-7702)
       - The NetScaler file parser could enter an infinite loop
         (CVE-2017-7700)
       - The RPCoRDMA dissector could enter an infinite loop (CVE-2017-7705)
       - The BGP dissector could enter an infinite loop (CVE-2017-7701)
       - The DOF dissector could enter an infinite loop (CVE-2017-7704)
       - The PacketBB dissector could crash (CVE-2017-7747)
       - The SLSK dissector could enter a long loop (CVE-2017-7746)
       - The SIGCOMP dissector could enter an infinite loop
         (CVE-2017-7745)
       - The WSP dissector could enter an infinite loop (CVE-2017-7748)


I believe wireshark point releases very rarely cause regressions due
to the heavy testing performed upstream and I think it would be safe
to upload this point release to unstable and let it migrate to
testing.

If you wouldn't like to accept the full point release to Stretch I
will happily backport the security fixes to 2.2.5 and upload that to
unstable.

Please share your preference regarding the next upload.

Cheers,
Balint

unblock wireshark/2.2.6+g32dac6a-2

Attachment: wireshark_2.2.6+g32dac6a-1.patch.gz
Description: GNU Zip compressed data

