wireshark: CVE-2020-11647

Related Vulnerabilities: CVE-2020-11647  

Debian Bug report logs - #958213
wireshark: CVE-2020-11647

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 19 Apr 2020 19:12:02 UTC

Severity: important

Tags: security, upstream

Found in version wireshark/3.2.2-1

Fixed in version wireshark/3.2.3-1

Done: Balint Reczey <rbalint@ubuntu.com>

Forwarded to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Balint Reczey <rbalint@ubuntu.com>:
Bug#958213; Package src:wireshark. (Sun, 19 Apr 2020 19:12:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Balint Reczey <rbalint@ubuntu.com>. (Sun, 19 Apr 2020 19:12:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wireshark: CVE-2020-11647
Date: Sun, 19 Apr 2020 21:08:55 +0200
Source: wireshark
Version: 3.2.2-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474

Hi,

The following vulnerability was published for wireshark, filing
mainly only for tracking.

CVE-2020-11647[0]:
| In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the
| BACapp dissector could crash. This was addressed in
| epan/dissectors/packet-bacapp.c by limiting the amount of recursion.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-11647
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11647
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474
[2] https://www.wireshark.org/security/wnpa-sec-2020-07.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Balint Reczey <rbalint@ubuntu.com>:
You have taken responsibility. (Sun, 19 Apr 2020 21:24:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 19 Apr 2020 21:24:03 GMT)


Message #10 received at 958213-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 958213-close@bugs.debian.org
Subject: Bug#958213: fixed in wireshark 3.2.3-1
Date: Sun, 19 Apr 2020 21:21:44 +0000
Source: wireshark
Source-Version: 3.2.3-1
Done: Balint Reczey <rbalint@ubuntu.com>

We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 958213@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Balint Reczey <rbalint@ubuntu.com> (supplier of updated wireshark package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 19 Apr 2020 23:04:12 +0200
Source: wireshark
Architecture: source
Version: 3.2.3-1
Distribution: unstable
Urgency: medium
Maintainer: Balint Reczey <rbalint@ubuntu.com>
Changed-By: Balint Reczey <rbalint@ubuntu.com>
Closes: 958213
Changes:
 wireshark (3.2.3-1) unstable; urgency=medium
 .
   * debian: Ship codecs libraries in libwireshark0.
   * New upstream version 3.2.3
     - security fixes:
       - The BACapp dissector could crash. (CVE-2020-11647) (Closes: #958213)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 20 08:36:42 2020; Machine Name: beach
