Debian Bug report logs -
#613202
CVE-2011-0538
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 13 Feb 2011 14:03:02 UTC
Severity: important
Tags: security
Found in version wireshark/1.0.2-3
Fixed in version wireshark/1.4.3-3
Done: Balint Reczey <balint@balintreczey.hu>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, jmw@debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#613202; Package wireshark.
(Sun, 13 Feb 2011 14:03:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, jmw@debian.org, Balint Reczey <balint@balintreczey.hu>.
(Sun, 13 Feb 2011 14:03:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: wireshark
Severity: important
Tags: security
Please see https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5652
This has been assigned CVE-2011-0538. Since this can only be exploited
by enticing someone to open a malformed pcap file, but doesn't warrant
a DSA. We can either queue up the fix for a future Wireshark DSA or
fix it through the 6.0.1 point update.
Cheers,
Moritz
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply sent
to Balint Reczey <balint@balintreczey.hu>:
You have taken responsibility.
(Fri, 18 Feb 2011 22:00:19 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Fri, 18 Feb 2011 22:00:19 GMT) (full text, mbox, link).
Message #10 received at 613202-close@bugs.debian.org (full text, mbox, reply):
Source: wireshark
Source-Version: 1.4.3-3
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:
libwireshark-data_1.4.3-3_all.deb
to main/w/wireshark/libwireshark-data_1.4.3-3_all.deb
libwireshark-dev_1.4.3-3_i386.deb
to main/w/wireshark/libwireshark-dev_1.4.3-3_i386.deb
libwireshark0_1.4.3-3_i386.deb
to main/w/wireshark/libwireshark0_1.4.3-3_i386.deb
libwiretap-dev_1.4.3-3_i386.deb
to main/w/wireshark/libwiretap-dev_1.4.3-3_i386.deb
libwiretap0_1.4.3-3_i386.deb
to main/w/wireshark/libwiretap0_1.4.3-3_i386.deb
libwsutil-dev_1.4.3-3_i386.deb
to main/w/wireshark/libwsutil-dev_1.4.3-3_i386.deb
libwsutil0_1.4.3-3_i386.deb
to main/w/wireshark/libwsutil0_1.4.3-3_i386.deb
tshark_1.4.3-3_i386.deb
to main/w/wireshark/tshark_1.4.3-3_i386.deb
wireshark-common_1.4.3-3_i386.deb
to main/w/wireshark/wireshark-common_1.4.3-3_i386.deb
wireshark-dbg_1.4.3-3_i386.deb
to main/w/wireshark/wireshark-dbg_1.4.3-3_i386.deb
wireshark-dev_1.4.3-3_i386.deb
to main/w/wireshark/wireshark-dev_1.4.3-3_i386.deb
wireshark-doc_1.4.3-3_all.deb
to main/w/wireshark/wireshark-doc_1.4.3-3_all.deb
wireshark_1.4.3-3.debian.tar.gz
to main/w/wireshark/wireshark_1.4.3-3.debian.tar.gz
wireshark_1.4.3-3.dsc
to main/w/wireshark/wireshark_1.4.3-3.dsc
wireshark_1.4.3-3_i386.deb
to main/w/wireshark/wireshark_1.4.3-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 613202@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <balint@balintreczey.hu> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 18 Feb 2011 18:02:41 +0100
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark0 libwsutil0 libwsutil-dev libwireshark-data libwireshark-dev libwiretap0 libwiretap-dev
Architecture: source i386 all
Version: 1.4.3-3
Distribution: unstable
Urgency: high
Maintainer: Balint Reczey <balint@balintreczey.hu>
Changed-By: Balint Reczey <balint@balintreczey.hu>
Description:
libwireshark-data - a network packet dissection library -- data files
libwireshark-dev - a network packet dissection library -- development files
libwireshark0 - a network packet dissection library -- shared library
libwiretap-dev - a network packet capture library -- development files
libwiretap0 - a network packet capture library -- shared library
libwsutil-dev - network packet dissection utilities library -- shared library
libwsutil0 - network packet dissection utilities library -- shared library
tshark - network traffic analyzer - console version
wireshark - network traffic analyzer - GTK+ version
wireshark-common - network traffic analyzer - common files
wireshark-dbg - network traffic analyzer - debug symbols
wireshark-dev - network traffic analyzer - development tools
wireshark-doc - network traffic analyzer - documentation
Closes: 613202
Changes:
wireshark (1.4.3-3) unstable; urgency=high
.
* pick fix for crash triggered by opening a malformed pcap-ng file
(CVE-2011-0538) (Closes: #613202)
Checksums-Sha1:
2d0fb9a4bd0cbbf7b2cc3128404a31dc1ad53d0b 1834 wireshark_1.4.3-3.dsc
9276e42f2d42e3edafcfc84460166acd8b77e993 56561 wireshark_1.4.3-3.debian.tar.gz
0cc3f9e6fe984dd39a11aff81894bfb6a85f9cd3 1363972 wireshark-common_1.4.3-3_i386.deb
209b7b112004f90dc4c1220b06c68f6b1c8accde 784534 wireshark_1.4.3-3_i386.deb
02e7ea97699b663652dcceecfdf39aa5c75a7d1f 138388 tshark_1.4.3-3_i386.deb
da4446c6e7fbc06ea9bebaf65a487b6800da7c0d 165542 wireshark-dev_1.4.3-3_i386.deb
a502989ee565bea03e4485a1e5566054504449fa 16285070 wireshark-dbg_1.4.3-3_i386.deb
8b759100ffa9f8b4d66998c628f73ccad810e0e4 3465454 wireshark-doc_1.4.3-3_all.deb
f516cd37c62e5e09c0b6513c543f6449668a285f 9405494 libwireshark0_1.4.3-3_i386.deb
d41084cc31c5c79627cdbdb6be8ee150c2b83989 33746 libwsutil0_1.4.3-3_i386.deb
93e319581f40c2835aea1de6bf7a4db731eab569 37266 libwsutil-dev_1.4.3-3_i386.deb
5d8a611e7f61ee776bb32b2ffafe272228d44163 2207644 libwireshark-data_1.4.3-3_all.deb
ce01b0fe3ae4dad8cee3ac9bfe75eee1c994d4dd 866750 libwireshark-dev_1.4.3-3_i386.deb
61bc939ff647f3132dde1e30397af3593470463c 158118 libwiretap0_1.4.3-3_i386.deb
e9214200b4b656cae2c6c4eb0b6db8ef68b781df 58038 libwiretap-dev_1.4.3-3_i386.deb
Checksums-Sha256:
c7d6bc51294c7902145ae4ab6304e64c90328737607426789f3e8cc9f65a4a5b 1834 wireshark_1.4.3-3.dsc
d53fcebc361c3d67aeb3bb05994e578e1abaae4951de09868cdb12c51e1165e3 56561 wireshark_1.4.3-3.debian.tar.gz
80dfc671334f6ccde665e80dd5bfdf1cdecbc9cfc85d854a6c751ecd36f0e9a5 1363972 wireshark-common_1.4.3-3_i386.deb
c900c54ceb904443a03fed8ef793e0d12c0254b21b9083902a54d68839a3366d 784534 wireshark_1.4.3-3_i386.deb
6ae4ed71a0e0f58e95708e341e99ce9f58da6753593e8b40ef2a5ffdac2a993d 138388 tshark_1.4.3-3_i386.deb
de891a79c63378aa62e6b8cf142158e27d320d64d33396dd597e7c1e669f3762 165542 wireshark-dev_1.4.3-3_i386.deb
15a8554c0e9f210bed4febad69d6d314bf0b6e9ef37ecbc6dd9a5e2827696ef7 16285070 wireshark-dbg_1.4.3-3_i386.deb
fca1e57fb28fca5b366f60d76f5335fb6c33d79e7d4e77218b7e687e8004adcd 3465454 wireshark-doc_1.4.3-3_all.deb
477427adfcb9fd668a0d4e9735479608d834756afc8d260d8b07a8d002b1b905 9405494 libwireshark0_1.4.3-3_i386.deb
120d38e1fa8edc62a6c6b81b56fe42dba901b930c15fa3451bf2a96704406c23 33746 libwsutil0_1.4.3-3_i386.deb
4936c5a310e9c27b7f7eb17143c6b0632c957874662f7064de9e04bd4f026910 37266 libwsutil-dev_1.4.3-3_i386.deb
abc543d00c2d9d129c261023bf685f0de79daf690501a04d5009f37340a998bb 2207644 libwireshark-data_1.4.3-3_all.deb
20646ec20a95167049a1f6e68901f2ad3cc950a67b969e7f682cbaf084767e81 866750 libwireshark-dev_1.4.3-3_i386.deb
e54f23738361bb885008e11c8a60be3b7d084eb3e3d61121661923a489efc6d0 158118 libwiretap0_1.4.3-3_i386.deb
278a51163f20be95da5e483072a060c0fab65354d97725900f13d52f63bae4c7 58038 libwiretap-dev_1.4.3-3_i386.deb
Files:
a27d98919bd1f8eeb088f73583d086b7 1834 net optional wireshark_1.4.3-3.dsc
e7f6d62dd169c42f74c844edde2f762d 56561 net optional wireshark_1.4.3-3.debian.tar.gz
1a6d47d00a7b5fa95ce1911bc9b43b13 1363972 net optional wireshark-common_1.4.3-3_i386.deb
93fe70970c8cbbcdacabc09f6a2ab0d6 784534 net optional wireshark_1.4.3-3_i386.deb
0032ea48547ed8e4da3c0351c2030576 138388 net optional tshark_1.4.3-3_i386.deb
db460916f2b57356539c62392c584dce 165542 devel optional wireshark-dev_1.4.3-3_i386.deb
1481fefd3602b6971e52ce853e55fd91 16285070 debug extra wireshark-dbg_1.4.3-3_i386.deb
5201a1a2eed87dc263ffbeac216de2ff 3465454 doc extra wireshark-doc_1.4.3-3_all.deb
6c06db259551a21a5c8696f2fa06b0ec 9405494 libs optional libwireshark0_1.4.3-3_i386.deb
18006bc50949dba84fdc2edfea5a407f 33746 libs optional libwsutil0_1.4.3-3_i386.deb
5a0c05a9fc00ccab05b9326b95e56856 37266 libdevel optional libwsutil-dev_1.4.3-3_i386.deb
3fea43d16dae63a169539f2226783046 2207644 libs optional libwireshark-data_1.4.3-3_all.deb
077e2c9f664ba8080f66779bf1e6cedc 866750 libdevel optional libwireshark-dev_1.4.3-3_i386.deb
94696961104da10f94d01f6f834624e5 158118 libs optional libwiretap0_1.4.3-3_i386.deb
a6c28852208f16bc940154e83c812b0b 58038 libdevel optional libwiretap-dev_1.4.3-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFNXsDgmSuMdaVnTsERAje1AKCPljhBUwtnoeMjNMqjs/YeHjc/1ACfVog8
YaXkbCOjQW/oNHx7UvXN02A=
=I9PI
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#613202; Package wireshark.
(Sat, 19 Feb 2011 22:15:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Balint Reczey <balint@balintreczey.hu>.
(Sat, 19 Feb 2011 22:15:11 GMT) (full text, mbox, link).
Message #15 received at 613202@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.1)
Please arrange to backport your fix and liase with the release team for
permission to upload. I will happily assist you if the patch is
straightforward and you need help or lack time.
For details of this process and the rationale, please see the original
announcement [1] and my blog post [2].
1: <201101232332.11736.thijs@debian.org>
2: http://deb.li/prsc
Thanks,
with his security hat on:
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
[signature.asc (application/pgp-signature, inline)]
Bug Marked as found in versions wireshark/1.0.2-3.
Request was from Bálint Réczey <balint@balintreczey.hu>
to control@bugs.debian.org.
(Sat, 26 Feb 2011 12:09:03 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 27 Mar 2011 07:30:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:52:43 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon