tcpreplay (4.4.1-2ubuntu1) kinetic; urgency=medium
* SECURITY UPDATE: heap-overflow in get_l2len_protocol
- debian/patches/CVE-2022-25484_27941.patch: fix heap overflow in
get_l2len_protocol
- CVE-2022-25484
- CVE-2022-27941
* SECURITY UPDATE: reachable assertion in get_layer4_v6
- debian/patches/CVE-2022-27939.patch: fix null pointer dereference in
get_layer4_v6
- CVE-2022-27939
* SECURITY UPDATE: heap-overflow in get_ipv6_next
- debian/patches/CVE-2022-27940_37047_37049.patch: Add end_ptr to key
functions, which make it easier to implement overflow protections
- CVE-2022-27940
- CVE-2022-37047
- CVE-2022-37049
* SECURITY UPDATE: heap-overflow in parse_mpls
- debian/patches/CVE-2022-27942.patch: Add better overflow protection in
parse_mpls
- CVE-2022-27942
* SECURITY UPDATE: format string vulnerability in fix_ipv6_checksums
- debian/patches/CVE-2022-28487.patch: fix format string in
src/tcpedit/edit_packet.c file
- CVE-2022-28487
* SECURITY UPDATE: heap-overflow in get_l2len_protocol
- debian/patches/CVE-2022-37048.patch: fix heap-overflow by checking data
length correctly
- CVE-2022-37048
-- Nishit Majithia <email address hidden> Tue, 27 Sep 2022 09:25:27 +0530
