Control: tags -1 pending confirmed Hi Salvatore,
On Fri, Apr 30, 2021 at 10:57 PM Salvatore Bonaccorso <car...@debian.org> wrote: > > Source: wireshark > Version: 3.4.4-1 > Severity: important > Tags: security upstream > Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/17331 > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > > Hi, > > The following vulnerability was published for wireshark. > > CVE-2021-22207[0]: > | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to > | 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet > | injection or crafted capture file > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. I've prepared the next upload including this fix at https://salsa.debian.org/debian/wireshark/-/commits/debian/master but have not uploaded it because I did not consider this vulnerability important enough to ask an exception for the freeze. I will happily do the upload if it gets unblocked. Cheers, Balint -- Balint Reczey Ubuntu & Debian Developer
