[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#863380: unblock: wireshark/2.2.6+g32dac6a-2



Control: tags -1 confirmed moreinfo

Hi,

On Fri, May 26, 2017 at 12:25:07AM +0200, Bálint Réczey wrote:
> I have prepared wireshark 2.2.6+g32dac6a-1 in experimental which fixes
> 10 vulnerabilities and other bugs which are not listed here, just on
> the release notes link.
> 
> Changes:
>  wireshark (2.2.6+g32dac6a-1) experimental; urgency=medium
>  .
>    * New upstream release
>      - release notes:
>        https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
>      - security fixes:
>        - The IMAP dissector could crash (CVE-2017-7703)
>        - The WBXML dissector could enter an infinite loop (CVE-2017-7702)
>        - The NetScaler file parser could enter an infinite loop
>          (CVE-2017-7700)
>        - The RPCoRDMA dissector enter an infinite loop (CVE-2017-7705)
>        - The BGP dissector could enter an infinite loop (CVE-2017-7701)
>        - The DOF dissector could enter an infinite loop (CVE-2017-7704)
>        - The PacketBB dissector could crash (CVE-2017-7747)
>        - The SLSK dissector could enter a long loop (CVE-2017-7746)
>        - The SIGCOMP dissector could enter an infinite loop
>          (CVE-2017-7745)
>        - The WSP dissector could enter an infinite loop (CVE-2017-7748)
> 
> 
> I believe wireshark point releases very rarely cause regressions due
> to the heavy testing performed upstream and I think it would be safe
> to upload this point release to unstable and let it migrate to
> testing.
> 
> If you wouldn't like to accept the full point release to Stretch I
> will happily backport the security fixes to 2.2.5 and upload that to
> unstable.
> 
> Please share your preference regarding the next upload.

Please go ahead with the upload to unstable and remove the moreinfo tag from
this bug once the builds are done on all the relevant architectures.

Also, please note that we are very close to the release date. More info about
the deadlines in
https://lists.debian.org/debian-devel-announce/2017/05/msg00002.html

Cheers,

Ivo


Reply to: