wireshark: CVE-2012-5237 CVE-2012-5238 CVE-2012-5240

Related Vulnerabilities: CVE-2012-5237, CVE-2012-5238, CVE-2012-5240, CVE-2012-5239

Debian Bug report logs - #689972

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 8 Oct 2012 15:45:01 UTC

Severity: grave

Tags: security

Fixed in version wireshark/1.8.2-2

Done: Balint Reczey <balint@balintreczey.hu>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#689972; Package wireshark. (Mon, 08 Oct 2012 15:45:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Balint Reczey <balint@balintreczey.hu>. (Mon, 08 Oct 2012 15:45:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wireshark: CVE-2012-5237 CVE-2012-5238 CVE-2012-5240
Date: Mon, 08 Oct 2012 17:39:09 +0200
Package: wireshark
Severity: grave
Tags: security
Justification: user security hole

Please see
http://www.wireshark.org/security/wnpa-sec-2012-26.html
http://www.wireshark.org/security/wnpa-sec-2012-27.html
http://www.wireshark.org/security/wnpa-sec-2012-29.html

Stable should not be affected, but please double-check.

Since 1.8.3 changes more than just the security fixes, please
cherrypick only the security-related fixes into an upload
targeted at unstable and ask for an unblock.

Cheers,
        Moritz



Reply sent to Balint Reczey <balint@balintreczey.hu>:
You have taken responsibility. (Tue, 09 Oct 2012 13:51:06 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 09 Oct 2012 13:51:06 GMT)


Message #10 received at 689972-close@bugs.debian.org:

From: Balint Reczey <balint@balintreczey.hu>
To: 689972-close@bugs.debian.org
Subject: Bug#689972: fixed in wireshark 1.8.2-2
Date: Tue, 09 Oct 2012 13:48:27 +0000
Source: wireshark
Source-Version: 1.8.2-2

We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689972@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Balint Reczey <balint@balintreczey.hu> (supplier of updated wireshark package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 09 Oct 2012 11:39:42 +0200
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark2 libwsutil2 libwsutil-dev libwireshark-data libwireshark-dev libwiretap2 libwiretap-dev
Architecture: source all amd64
Version: 1.8.2-2
Distribution: unstable
Urgency: high
Maintainer: Balint Reczey <balint@balintreczey.hu>
Changed-By: Balint Reczey <balint@balintreczey.hu>
Description: 
 libwireshark-data - network packet dissection library -- data files
 libwireshark-dev - network packet dissection library -- development files
 libwireshark2 - network packet dissection library -- shared library
 libwiretap-dev - network packet capture library -- development files
 libwiretap2 - network packet capture library -- shared library
 libwsutil-dev - network packet dissection utilities library -- shared library
 libwsutil2 - network packet dissection utilities library -- shared library
 tshark     - network traffic analyzer - console version
 wireshark  - network traffic analyzer - GTK+ version
 wireshark-common - network traffic analyzer - common files
 wireshark-dbg - network traffic analyzer - debug symbols
 wireshark-dev - network traffic analyzer - development tools
 wireshark-doc - network traffic analyzer - documentation
Closes: 689972
Changes: 
 wireshark (1.8.2-2) unstable; urgency=high
 .
   * security fixes from Wireshark 1.8.3 (Closes: #689972):
     - The HSRP dissector could go into an infinite loop (CVE-2012-5237)
     - The PPP dissector could abort (CVE-2012-5238)
     - Martin Wilck discovered an infinite loop in the DRDA dissector
       (CVE-2012-5239)
     - Laurent Butti discovered a buffer overflow in the LDP dissector
       (CVE-2012-5240)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 07 Nov 2012 07:27:32 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:33:32 2019; Machine Name: buxtehude
