-
wireshark (1.8.2-5wheezy9build0.13.04.1) raring-security; urgency=low
* fake sync from Debian
wireshark (1.8.2-5wheezy9) wheezy-security; urgency=high
* security fixes from (not yet released) Wireshark 1.8.13:
- The BSSGP dissector could crash. Discovered by Laurent Butti.
(CVE-2013-7113)
The exploit provided for CVE-2013-7113 does not crash 1.8.2-5wheezy8
and earlier versions, but a modified exploit could. The fix is
back-ported from Wireshark's 1.8.x branch.
wireshark (1.8.2-5wheezy8) wheezy-security; urgency=high
* security fixes from Wireshark 1.8.12:
- The NTLMSSP v2 dissector could crash. Discovered by Garming Sam.
(CVE-2013-7114)
-- Seth Arnold <email address hidden> Tue, 07 Jan 2014 17:54:53 -0800
-
wireshark (1.8.2-5wheezy7build0.13.04.1) raring-security; urgency=low
* fake sync from Debian
wireshark (1.8.2-5wheezy7) wheezy-security; urgency=high
* security fixes from Wireshark 1.8.11:
- The IEEE 802.15.4 dissector could crash. (CVE-2013-6336)
- The NBAP dissector could crash. Discovered by Laurent Butti.
(CVE-2013-6337)
- The SIP dissector could crash.
(CVE-2013-6338)
- The TCP dissector could crash. (CVE-2013-6340)
wireshark (1.8.2-5wheezy6) wheezy-security; urgency=high
* security fixes from Wireshark 1.8.10:
- NBAP dissector could crash. Discovered by Laurent Butti.
(No assigned CVE number)
- The RTPS dissector could overflow a buffer. Discovered by
Ben Schmidt. (No assigned CVE number)
- The LDAP dissector could crash. (No assigned CVE number)
- The Netmon file parser could crash. Discovered by G. Geshev.
wireshark (1.8.2-5wheezy5) wheezy-security; urgency=high
* security fixes from Wireshark 1.8.9:
- The DVB-CI dissector could crash. Discovered by Laurent Butti.
(CVE-2013-4930)
- The GSM A Common dissector could crash. (CVE-2013-4932)
- The Netmon file parser could crash. Discovered by G. Geshev.
(CVE-2013-4933, CVE-2013-4934)
- The ASN.1 PER dissector could crash. Discovered by Oliver-Tobias Ripka.
(CVE-2013-4935)
-- Seth Arnold <email address hidden> Tue, 19 Nov 2013 16:19:36 -0800
-
wireshark (1.8.2-5wheezy4build0.13.04.1) raring-security; urgency=low
* fake sync from Debian
wireshark (1.8.2-5wheezy4) wheezy-security; urgency=high
* security fixes from Wireshark 1.8.8 (Closes: #711918):
- The CAPWAP dissector could crash. Discovered by Laurent Butti.
(CVE-2013-4074)
- The GMR-1 BCCH dissector could crash.
Discovered by Sylvain Munaut and Laurent Butti. (CVE-2013-4075)
- The PPP dissector could crash. Discovered by Laurent Butti.
(CVE-2013-4076)
- The NBAP dissector could crash. (CVE-2013-4077)
- The RDP dissector could crash. Discovered by Laurent Butti.
(CVE-2013-4078)
- The HTTP dissector could overrun the stack. (CVE-2013-4081)
- The Ixia IxVeriWave file parser could overflow the heap.
Discovered by Sachin Shinde. (CVE-2013-4082)
- The DCP ETSI dissector could crash. (CVE-2013-4083)
-- Marc Deslauriers <email address hidden> Tue, 18 Jun 2013 12:59:20 -0400
-
wireshark (1.8.2-5wheezy3build0.13.04.1) raring-security; urgency=low
* fake sync from Debian
wireshark (1.8.2-5wheezy3) wheezy-security; urgency=high
* security fixes from Wireshark 1.8.7 (Closes: #709167):
- The GTPv2 dissector could crash (CVE-2013-3555)
- The ASN.1 BER dissector could crash (CVE-2013-3557)
- The PPP CCP dissector could crash (CVE-2013-3558)
- The DCP ETSI dissector could crash. Discovered by Evan Jensen.
(CVE-2013-3559)
- The MPEG DSM-CC dissector could crash. (CVE-2013-3560)
- The Websocket dissector could crash. Discovered by Moshe Kaplan.
(CVE-2013-3562)
wireshark (1.8.2-5wheezy2) wheezy-proposed-updates; urgency=low
* make libwsutil-dev confict with and replace wireshark-dev (<< 1.4.0~rc2-1)
(Closes: #704561)
wireshark (1.8.2-5wheezy1) wheezy-security; urgency=high
* re-upload to Wheezy security without changes in the content
-- Marc Deslauriers <email address hidden> Wed, 05 Jun 2013 09:53:32 -0400
-
wireshark (1.8.2-5) unstable; urgency=high
* security fixes from Wireshark 1.8.6:
- The TCP dissector could crash (CVE-2013-2475)
- The CSN.1 dissector could crash. Discovered by Laurent Butti.
(CVE-2013-2477)
- MMS dissector could crash. Discovered by Laurent Butti.
(CVE-2013-2478)
- The RTPS and RTPS2 dissectors could crash. Discovered by Alyssa Milburn.
(CVE-2013-2480)
- The Mount dissector could crash. Discovered by Alyssa Milburn.
(CVE-2013-2481)
- The ACN dissector could attempt to divide by zero.
Discovered by Alyssa Milburn. (CVE-2013-2483)
- The CIMD dissector could crash. Discovered by Moshe Kaplan.
(CVE-2013-2484)
- The DTLS dissector could crash. Discovered by Laurent Butti.
(CVE-2013-2488)
wireshark (1.8.2-4) unstable; urgency=high
* security fixes from Wireshark 1.8.5:
- The CLNP dissector could crash. Discovered independently by
Laurent Butti and the Wireshark development team (CVE-2013-1582)
- The DTN dissector could crash (CVE-2013-1583, CVE-2013-1584)
- The MS-MMC dissector (and possibly others) could crash (CVE-2013-1585)
- The DTLS dissector could crash. Discovered by Laurent Butti.
(CVE-2013-1586)
- The ROHC dissector could crash (CVE-2013-1587)
- The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti.
(CVE-2013-1588)
- The Wireshark dissection engine could crash. Discovered by Laurent Butti.
- The NTLMSSP dissector could overflow a buffer. Discovered by
Ulf Härnhammar. (CVE-2013-1590)
-- Scott Kitterman <email address hidden> Sat, 09 Mar 2013 12:59:06 +0100
-
wireshark (1.8.2-2) unstable; urgency=high
* security fixes from Wireshark 1.8.3 (Closes: #689972):
- The HSRP dissector could go into an infinite loop (CVE-2012-5237)
- The PPP dissector could abort (CVE-2012-5238)
- Martin Wilck discovered an infinite loop in the DRDA dissector
(CVE-2012-5239)
- Laurent Butti discovered a buffer overflow in the LDP dissector
(CVE-2012-5240)
-- Balint Reczey <email address hidden> Tue, 09 Oct 2012 11:39:42 +0200
