Debian Bug report logs -
#769410
wireshark: CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 13 Nov 2014 13:51:08 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in version wireshark/1.12.1+g01b65bf-1
Fixed in version wireshark/1.12.1+g01b65bf-2
Done: Balint Reczey <balint@balintreczey.hu>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#769410; Package src:wireshark.
(Thu, 13 Nov 2014 13:51:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Balint Reczey <balint@balintreczey.hu>.
(Thu, 13 Nov 2014 13:51:12 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: wireshark
Version: 1.12.1+g01b65bf-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for wireshark.
CVE-2014-8710[0]:
SigComp dissector crash
CVE-2014-8711[1]:
AMQP dissector crash
CVE-2014-8712[2]:
NCP dissector crashes
CVE-2014-8713[3]:
NCP dissector crashes
CVE-2014-8714[4]:
TN5250 infinite loop
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8710
[1] https://security-tracker.debian.org/tracker/CVE-2014-8711
[2] https://security-tracker.debian.org/tracker/CVE-2014-8712
[3] https://security-tracker.debian.org/tracker/CVE-2014-8713
[4] https://security-tracker.debian.org/tracker/CVE-2014-8714
Regards,
Salvatore
Reply sent
to Balint Reczey <balint@balintreczey.hu>:
You have taken responsibility.
(Wed, 19 Nov 2014 17:06:23 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Wed, 19 Nov 2014 17:06:23 GMT) (full text, mbox, link).
Message #10 received at 769410-close@bugs.debian.org (full text, mbox, reply):
Source: wireshark
Source-Version: 1.12.1+g01b65bf-2
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 769410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <balint@balintreczey.hu> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 02 Nov 2014 20:31:06 +0100
Source: wireshark
Binary: wireshark-common wireshark wireshark-qt tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark5 libwsutil4 libwsutil-dev libwireshark-data libwireshark-dev libwiretap4 libwiretap-dev
Architecture: source amd64 all
Version: 1.12.1+g01b65bf-2
Distribution: unstable
Urgency: medium
Maintainer: Balint Reczey <balint@balintreczey.hu>
Changed-By: Balint Reczey <balint@balintreczey.hu>
Description:
libwireshark-data - network packet dissection library -- data files
libwireshark-dev - network packet dissection library -- development files
libwireshark5 - network packet dissection library -- shared library
libwiretap-dev - network packet capture library -- development files
libwiretap4 - network packet capture library -- shared library
libwsutil-dev - network packet dissection utilities library -- shared library
libwsutil4 - network packet dissection utilities library -- shared library
tshark - network traffic analyzer - console version
wireshark - network traffic analyzer - GTK+ version
wireshark-common - network traffic analyzer - common files
wireshark-dbg - network traffic analyzer - debug symbols
wireshark-dev - network traffic analyzer - development tools
wireshark-doc - network traffic analyzer - documentation
wireshark-qt - network traffic analyzer - Qt version
Closes: 757469 757499 769410
Changes:
wireshark (1.12.1+g01b65bf-2) unstable; urgency=medium
.
[Mert Dirik]
* Add Turkish translation (Closes: #757499)
.
[Balint Reczey]
* Fix typo in libwiretap4 description (Closes: #757469)
* security fixes from Wireshark 1.12.2 (Closes: #769410):
- SigComp UDVM buffer overflow (CVE-2014-8710)
- AMQP crash (CVE-2014-8711)
- NCP crashes (CVE-2014-8712, CVE-2014-8713)
- TN5250 infinite loops (CVE-2014-8714)
Checksums-Sha1:
8c861ab46ec02ae11c4498f59884a053992b8f28 3295 wireshark_1.12.1+g01b65bf-2.dsc
4d5fb830315311ee7d7f1bb031e57ff4c04a7770 59412 wireshark_1.12.1+g01b65bf-2.debian.tar.xz
7e155e6021ffc6c79087c3f84d964a27e2e14222 180126 wireshark-common_1.12.1+g01b65bf-2_amd64.deb
b4e92af281753fb466cc8be7b4fd2a1b574c2720 771578 wireshark_1.12.1+g01b65bf-2_amd64.deb
fe418d0fd0420e1c6d575ff4491c2efb34232e08 1057408 wireshark-qt_1.12.1+g01b65bf-2_amd64.deb
66e0e92f831333361aa41638011081b27e795737 160616 tshark_1.12.1+g01b65bf-2_amd64.deb
414e3a8eaa7ee456193b933dc55f692e38fa9da8 144310 wireshark-dev_1.12.1+g01b65bf-2_amd64.deb
69a73d178075e67056b67e08a0fb09e89312642f 38777400 wireshark-dbg_1.12.1+g01b65bf-2_amd64.deb
7082ff1bb7fb8a2e18b0fb9e834859200b7cff69 3868500 wireshark-doc_1.12.1+g01b65bf-2_all.deb
e9da08014df2e6cc87e68926ff17adff7c780d7b 11271554 libwireshark5_1.12.1+g01b65bf-2_amd64.deb
883a4206341fc32011e6a9edc295bf610e63a82f 94600 libwsutil4_1.12.1+g01b65bf-2_amd64.deb
a2c231be1f2d5cc1f1b00e713f83a9a668108bdf 71172 libwsutil-dev_1.12.1+g01b65bf-2_amd64.deb
1b96011514a9cd0952a6cc7bcd947de804b526c3 837148 libwireshark-data_1.12.1+g01b65bf-2_all.deb
6b785997f1d7279d686f25602ad76d78a0e2796b 766792 libwireshark-dev_1.12.1+g01b65bf-2_amd64.deb
75ca3649b93b730a8bb08e4646663306dc80b38d 186646 libwiretap4_1.12.1+g01b65bf-2_amd64.deb
b4e513c829b3dc3b6f3d85fe33916aec60be9e36 78270 libwiretap-dev_1.12.1+g01b65bf-2_amd64.deb
Checksums-Sha256:
acc0615dbb190aef0c4fe15524ad614f64406d1331ea7930672ba43627a42db3 3295 wireshark_1.12.1+g01b65bf-2.dsc
5f33a5640d8fc4be1234e3a4f44c29c86c846b0c2a201974ef393d0fe6452028 59412 wireshark_1.12.1+g01b65bf-2.debian.tar.xz
f1f943a820de5149e3ad63b6387c5fd2097c212b7261b9b11a4724ab3a8d6e7d 180126 wireshark-common_1.12.1+g01b65bf-2_amd64.deb
dcc576bcc94e260e6b0da0457245fb833d08c8c5c9a93a6c04ecdd038d67b394 771578 wireshark_1.12.1+g01b65bf-2_amd64.deb
5b55d9eca1d6fbba38de3a01e9ae118c1e08dbd7b6695edc2cf8a9b6c49b7349 1057408 wireshark-qt_1.12.1+g01b65bf-2_amd64.deb
bad949674f8466d8bce88818b02077263db639c80f41d4614dee3fc0de7fe142 160616 tshark_1.12.1+g01b65bf-2_amd64.deb
8539f10019265589de2d32784d488606876fa92a4be9b4705b758a3aa6cbeec8 144310 wireshark-dev_1.12.1+g01b65bf-2_amd64.deb
e3f8dfd69865ab04834b5a09c14f6803246541b14b6002831b955d30659e8c72 38777400 wireshark-dbg_1.12.1+g01b65bf-2_amd64.deb
5b7664f72382bf657b1bb030fe989db655e86355651efcb169b3cbcdb0383acd 3868500 wireshark-doc_1.12.1+g01b65bf-2_all.deb
b71ceae1d38f94880bd1af171fd22404ea956b660d1743ee0b08368d78fc27f5 11271554 libwireshark5_1.12.1+g01b65bf-2_amd64.deb
bab9656dd7da4679fbfaadd6cc2ab7d2c45ec3247b7c90bc7b892e6a1ab4554a 94600 libwsutil4_1.12.1+g01b65bf-2_amd64.deb
314923f42730b39c3ba7955a9a9661cc62ac4a9ca13adccb8ca26ccf2d3bbebd 71172 libwsutil-dev_1.12.1+g01b65bf-2_amd64.deb
75a22803c9926614f77a82d339fcc162528ed8f2594a8627b06ddcdf52c1bf79 837148 libwireshark-data_1.12.1+g01b65bf-2_all.deb
5f0afc97cd0b62fe46c747bf341970aef1af525cfc227509f7c5b906d1cc1aef 766792 libwireshark-dev_1.12.1+g01b65bf-2_amd64.deb
6c80d522bf69d888267f9549134b4c8532896ab72facce43d36530fdfa817418 186646 libwiretap4_1.12.1+g01b65bf-2_amd64.deb
2a45ca65a74d5fd0daa1885e647195b606c95c28510c85a72e2120cef013c21c 78270 libwiretap-dev_1.12.1+g01b65bf-2_amd64.deb
Files:
46f23e5111d923edcad784d2d0333816 3295 net optional wireshark_1.12.1+g01b65bf-2.dsc
e8426c874a3d2164b75f072bcabf6112 59412 net optional wireshark_1.12.1+g01b65bf-2.debian.tar.xz
e1d3916de187f3d41866e128d6cb6bc8 180126 net optional wireshark-common_1.12.1+g01b65bf-2_amd64.deb
c14e0095912ce5196f3f6068954c71a9 771578 net optional wireshark_1.12.1+g01b65bf-2_amd64.deb
c64497e767320bb8e049ae670de155ad 1057408 net optional wireshark-qt_1.12.1+g01b65bf-2_amd64.deb
9d97a443149988c46bca30ed5b663d6d 160616 net optional tshark_1.12.1+g01b65bf-2_amd64.deb
25b504c25b8c3d6237554c923e552b3e 144310 devel optional wireshark-dev_1.12.1+g01b65bf-2_amd64.deb
3cea8b35f8cf96dc5bd213fc7309e42b 38777400 debug extra wireshark-dbg_1.12.1+g01b65bf-2_amd64.deb
0f0caf6bcb3e7c4afb1b6363cfde5b53 3868500 doc extra wireshark-doc_1.12.1+g01b65bf-2_all.deb
99c38c39fe47dca15f99e15a84ad80c4 11271554 libs optional libwireshark5_1.12.1+g01b65bf-2_amd64.deb
d7b164e8e4725d8ce56dd134a2aba527 94600 libs optional libwsutil4_1.12.1+g01b65bf-2_amd64.deb
c4577504bcfd2ff74265e1a5d7d09a3e 71172 libdevel optional libwsutil-dev_1.12.1+g01b65bf-2_amd64.deb
04e6404d03f570f9b3f7c522cc83a1ae 837148 libs optional libwireshark-data_1.12.1+g01b65bf-2_all.deb
c5215ca34a434613d4d6501c36d32056 766792 libdevel optional libwireshark-dev_1.12.1+g01b65bf-2_amd64.deb
dd9d02d68d3531f51d2bbe0fdd1164b1 186646 libs optional libwiretap4_1.12.1+g01b65bf-2_amd64.deb
03e8a997cdc7f59efabf461fa9c501d4 78270 libdevel optional libwiretap-dev_1.12.1+g01b65bf-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUbMijAAoJEPZk0la0aRp9KSYQAIIRu6gpZgnlLbdsFMVal+W9
tL9ADoFPuAX9e2yw+Dzm+s4tNDnFDflACK4/5lgukOjGSZa6W7HaUZ52VRlxvKVH
8l8zWQwWtt0sB2GM68h6K9loGSNkS8uZ53ezCMskIXl4oAGWaR17NyuEibrufSJR
ZlXgIw4vefymn0Oaexko3js+zoi+4WQMGj0xWmsnVExix/jeBUiaKv5viwjB3DpE
MQ+aJWsGtgfbRg6I91JZVDE4TcSpk/k30S1JZEnarkpLy0tSmFAvYv8ZeLov6Nyd
f40kx/CjMD6GMBlSXmboeHv3KNIirW5Qbni/zmdwKCLctmW334muwzk8EehQ2DFE
1v0PERn1adYD9nyMT99nnsXU0qvS8947p9JsDVf7kfaLomEvvu7P2D4HtO4BsPCS
QQ1cI0v7iyYTxb1Qiffh9FALC6yvT7DprBihEju1r1/jKnDhMyDuY5Yo4UQPm3IF
XpS2woN9eSBd78yguBoRlY6VfEEzaRp+QQzalQW6+rtK/DmxzuAHetAmuz2rpI/T
P1eOg9k66glzprRZNAVnSFsA6DbpZ3lLxtktr9XqIGpP4PSLo6aeHV4A0i8UngY4
2o835HTa8psHwiTI7/nGZzLk7FWS4od/+iAXGoBidemKUE0vtDoLP9N0KZG2XzRZ
TcHtigY52GLnRkfRUJjV
=NdP4
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 23 Dec 2014 07:26:49 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:46:06 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon