Hi Salvatore,

Salvatore Bonaccorso <car...@debian.org> wrote (on Tue, Apr 4, 2023, 20:36):
>
> Hi Bálint,
>
> On Tue, Apr 04, 2023 at 06:22:09PM +0200, Bálint Réczey wrote:
> > Control: tags -1 pending fixed-upstream
> >
> > Hi Salvatore,
> >
> > Salvatore Bonaccorso <car...@debian.org> wrote (on Fri, Mar 31, 2023, 21:01):
> > >
> > > Source: wireshark
> > > Version: 4.0.3-1
> > > Severity: important
> > > Tags: security upstream
> > > Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/18839
> > > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> > > <t...@security.debian.org>
> > >
> > > Hi,
> > >
> > > The following vulnerability was published for wireshark.
> > >
> > > CVE-2023-1161[0]:
> > > | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3
> > > | and 3.6.0 to 3.6.11 allows denial of service via packet injection or
> > > | crafted capture file
> > >
> > >
> > > If you fix the vulnerability please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > I have committed the fix to the packaging repository with the new
> > upstream release.
> > I plan uploading it when the freeze is over, unless the Security Team
> > finds the issue severe enough to warrant an earlier upload.
>
> Agreed!

The freeze can last quite long, thus to not hold back derivatives and keep updates small-ish I'm uploading new point releases to experimental instead of just waiting.

Cheers,
Balint