Debian Bug report logs - #666058
Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 (CVE-2012-1593,CVE-2012-1594,CVE-2012-1595,CVE-2012-1596)
Reported by: Henri Salo <henri@nerv.fi>
Date: Wed, 28 Mar 2012 10:21:15 UTC
Severity: important
Found in version wireshark/1.2.11-6+squeeze6
Fixed in version wireshark/1.6.6-1
Done: Balint Reczey <balint@balintreczey.hu>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>: Bug#666058; Package wireshark. (Wed, 28 Mar 2012 10:21:18 GMT)
Acknowledgement sent to Henri Salo <henri@nerv.fi>: New Bug report received and forwarded. Copy sent to Balint Reczey <balint@balintreczey.hu>. (Wed, 28 Mar 2012 10:21:29 GMT)
Message #5 received at submit@bugs.debian.org:
Package: wireshark
Version: 1.2.11-6+squeeze6
Severity: important
I hope this hasn't been reported yet. If you need me to verify these issues or testers for patch, please ask!
For details please see: http://seclists.org/oss-sec/2012/q1/771
- Henri Salo
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages wireshark depends on:
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libc-ares2 1.7.3-1squeeze1 library for asyncronous name resol
ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libcomerr2 1.41.12-4stable1 common error description library
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1+squeeze4 FreeType 2 font engine, shared lib
ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime libr
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgnutls26 2.8.6-1+squeeze2 the GNU TLS library - runtime libr
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libk5crypto3 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries
ii libpango1.0-0 1.28.3-1+squeeze2 Layout and rendering of internatio
ii libpcap0.8 1.1.1-2+squeeze1 system interface for user-level pa
ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
ii libportaudio2 19+svn20071022-3.2 Portable audio I/O - shared librar
ii libsmi2ldbl 0.4.8+dfsg2-3 library to access SMI MIB informat
ii wireshark-common 1.2.11-6+squeeze6 network traffic analyzer - common
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
wireshark recommends no packages.
wireshark suggests no packages.
-- no debconf information
Reply sent to Balint Reczey <balint@balintreczey.hu>: You have taken responsibility. (Wed, 28 Mar 2012 21:42:13 GMT)
Notification sent to Henri Salo <henri@nerv.fi>: Bug acknowledged by developer. (Wed, 28 Mar 2012 21:42:15 GMT)
Message #10 received at 666058-close@bugs.debian.org:
Source: wireshark
Source-Version: 1.6.6-1
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:
libwireshark-data_1.6.6-1_all.deb
to main/w/wireshark/libwireshark-data_1.6.6-1_all.deb
libwireshark-dev_1.6.6-1_i386.deb
to main/w/wireshark/libwireshark-dev_1.6.6-1_i386.deb
libwireshark1_1.6.6-1_i386.deb
to main/w/wireshark/libwireshark1_1.6.6-1_i386.deb
libwiretap-dev_1.6.6-1_i386.deb
to main/w/wireshark/libwiretap-dev_1.6.6-1_i386.deb
libwiretap1_1.6.6-1_i386.deb
to main/w/wireshark/libwiretap1_1.6.6-1_i386.deb
libwsutil-dev_1.6.6-1_i386.deb
to main/w/wireshark/libwsutil-dev_1.6.6-1_i386.deb
libwsutil1_1.6.6-1_i386.deb
to main/w/wireshark/libwsutil1_1.6.6-1_i386.deb
tshark_1.6.6-1_i386.deb
to main/w/wireshark/tshark_1.6.6-1_i386.deb
wireshark-common_1.6.6-1_i386.deb
to main/w/wireshark/wireshark-common_1.6.6-1_i386.deb
wireshark-dbg_1.6.6-1_i386.deb
to main/w/wireshark/wireshark-dbg_1.6.6-1_i386.deb
wireshark-dev_1.6.6-1_i386.deb
to main/w/wireshark/wireshark-dev_1.6.6-1_i386.deb
wireshark-doc_1.6.6-1_all.deb
to main/w/wireshark/wireshark-doc_1.6.6-1_all.deb
wireshark_1.6.6-1.debian.tar.gz
to main/w/wireshark/wireshark_1.6.6-1.debian.tar.gz
wireshark_1.6.6-1.dsc
to main/w/wireshark/wireshark_1.6.6-1.dsc
wireshark_1.6.6-1_i386.deb
to main/w/wireshark/wireshark_1.6.6-1_i386.deb
wireshark_1.6.6.orig.tar.bz2
to main/w/wireshark/wireshark_1.6.6.orig.tar.bz2
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 666058@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <balint@balintreczey.hu> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 28 Mar 2012 12:34:10 +0200
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark1 libwsutil1 libwsutil-dev libwireshark-data libwireshark-dev libwiretap1 libwiretap-dev
Architecture: source all i386
Version: 1.6.6-1
Distribution: unstable
Urgency: high
Maintainer: Balint Reczey <balint@balintreczey.hu>
Changed-By: Balint Reczey <balint@balintreczey.hu>
Description:
libwireshark-data - network packet dissection library -- data files
libwireshark-dev - network packet dissection library -- development files
libwireshark1 - network packet dissection library -- shared library
libwiretap-dev - network packet capture library -- development files
libwiretap1 - network packet capture library -- shared library
libwsutil-dev - network packet dissection utilities library -- shared library
libwsutil1 - network packet dissection utilities library -- shared library
tshark - network traffic analyzer - console version
wireshark - network traffic analyzer - GTK+ version
wireshark-common - network traffic analyzer - common files
wireshark-dbg - network traffic analyzer - debug symbols
wireshark-dev - network traffic analyzer - development tools
wireshark-doc - network traffic analyzer - documentation
Closes: 666058
Changes:
 wireshark (1.6.6-1) unstable; urgency=high
 .
   * New upstream release 1.6.6
     - release notes:
       http://www.wireshark.org/docs/relnotes/wireshark-1.6.6.html
     - security fixes (Closes: #666058):
       - The ANSI A dissector could dereference a NULL pointer and crash
       - The IEEE 802.11 dissector could go into an infinite loop
       - The pcap and pcap-ng file parsers could crash trying to read ERF data
       - The MP2T dissector could try to allocate too much memory and crash
   * depend on automake instead of automake1.9
   * update watch file to watch bzip2 compressed archives
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFPc3dbmSuMdaVnTsERAlxzAJ9eot51gtIfi0V/hHcd/SiLeOkOlACgylLO
wg1A78BXfCbILVAIYnqktQQ=
=CkNo
-----END PGP SIGNATURE-----
Changed Bug title to 'Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 (CVE-2012-1593,CVE-2012-1594,CVE-2012-1595,CVE-2012-1596)' from 'Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6'. Request was from Henri Salo <henri@nerv.fi> to control@bugs.debian.org. (Wed, 28 Mar 2012 22:33:05 GMT)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 26 Apr 2012 07:37:56 GMT)
Last modified: Wed Jun 19 17:38:41 2019