Changelog
wireshark (2.6.20-0+deb10u1) buster; urgency=medium
* Non-maintainer upload.
* New upstream version including the following security fixes:
- CVE-2019-16319: The Gryphon dissector could go into an infinite loop.
- CVE-2019-19553: The CMS dissector could crash.
- CVE-2020-7045: The BT ATT dissector could crash.
- CVE-2020-9428: The EAP dissector could crash.
- CVE-2020-9430: The WiMax DLMAP dissector could crash.
- CVE-2020-9431: The LTE RRC dissector could leak memory.
- CVE-2020-11647: The BACapp dissector could crash. (Closes: #958213)
- CVE-2020-13164: The NFS dissector could crash.
- CVE-2020-15466: The GVCP dissector could go into an infinite loop.
- CVE-2020-25862: The TCP dissector could crash.
- CVE-2020-25863: The MIME Multipart dissector could crash.
* Adjust 17_libdir_location.patch for context changes.
* Since Wireshark 2.6.14 tests are run automatically by debhelper,
backport the build fix and making test failures non-fatal.
* CVE-2020-26575: The Facebook Zero Protocol (aka FBZERO) dissector
could enter an infinite loop. (Closes: #974688)
* CVE-2020-28030: The GQUIC dissector could crash. (Closes: #974689)
* CVE-2020-26418: Memory leak in the Kafka protocol dissector.
* CVE-2020-26421: Crash in USB HID protocol dissector.
-- Adrian Bunk <email address hidden> Sat, 30 Jan 2021 15:55:58 +0200