Control: tags -1 pending fixed-upstream Hi Salvatore,
Salvatore Bonaccorso <car...@debian.org> ezt írta (időpont: 2023. márc. 31., P, 21:01): > > Source: wireshark > Version: 4.0.3-1 > Severity: important > Tags: security upstream > Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/18839 > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > > Hi, > > The following vulnerability was published for wireshark. > > CVE-2023-1161[0]: > | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 > | and 3.6.0 to 3.6.11 allows denial of service via packet injection or > | crafted capture file > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. I have committed the fix to the packaging repository with the new upstream release. I plan uploading it when the freeze is over, unless the Security Team finds the issue severe enough to warrant an earlier upload. Cheers, Balint
