Your message dated Fri, 12 Sep 2008 14:47:10 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#497878: fixed in wireshark 1.0.3-1
has caused the Debian Bug report #497878,
regarding wireshark: several security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
497878: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497878
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: wireshark
Severity: grave
Tags: security
Justification: user security hole
Hi,
The following CVE ids have been issued against wireshark.
Name: CVE-2008-3146
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146
Reference: SUSE:SUSE-SR:2008:017
Reference:
URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Reference: CONFIRM:http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2008-05.html
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly
Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via a
crafted NCP packet that causes an invalid pointer to be used.
======================================================
Name: CVE-2008-3932
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3932
Reference: CONFIRM:http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2008-05.html
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to
cause a denial of service (hang) via a crafted NCP packet that
triggers an infinite loop.
======================================================
Name: CVE-2008-3933
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3933
Reference: MISC:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2682
Reference: CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2649
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2008-05.html
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers
to cause a denial of service (crash) via a packet with crafted
zlib-compressed data that triggers an invalid read in the
tvb_uncompress function.
======================================================
Name: CVE-2008-3934
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3934
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2008-05.html
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6
through 1.0.2 allows attackers to cause a denial of service (crash)
via a crafted Tektronix .rf5 file.
Please mention the CVE ids in your changelog entry, when you fix these issues.
Cheers
Steffen
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 1.0.3-1
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:
tshark_1.0.3-1_i386.deb
to pool/main/w/wireshark/tshark_1.0.3-1_i386.deb
wireshark-common_1.0.3-1_i386.deb
to pool/main/w/wireshark/wireshark-common_1.0.3-1_i386.deb
wireshark-dev_1.0.3-1_i386.deb
to pool/main/w/wireshark/wireshark-dev_1.0.3-1_i386.deb
wireshark_1.0.3-1.diff.gz
to pool/main/w/wireshark/wireshark_1.0.3-1.diff.gz
wireshark_1.0.3-1.dsc
to pool/main/w/wireshark/wireshark_1.0.3-1.dsc
wireshark_1.0.3-1_i386.deb
to pool/main/w/wireshark/wireshark_1.0.3-1_i386.deb
wireshark_1.0.3.orig.tar.gz
to pool/main/w/wireshark/wireshark_1.0.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joost Yervante Damad <[EMAIL PROTECTED]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 12 Sep 2008 15:05:58 +0200
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev
Architecture: source i386
Version: 1.0.3-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <[EMAIL PROTECTED]>
Changed-By: Joost Yervante Damad <[EMAIL PROTECTED]>
Description:
tshark - network traffic analyzer (console)
wireshark - network traffic analyzer
wireshark-common - network traffic analyser (common files)
wireshark-dev - network traffic analyser (development tools)
Closes: 496768 497878
Changes:
wireshark (1.0.3-1) unstable; urgency=high
.
* New upstream release 1.0.3 (Closes: #497878)
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.0.3.html
- security fixes:
- The NCP dissector was susceptible to a number of problems,
including buffer overflows and an infinite loop
(CVE-2008-3146, CVE-2008-3932)
- Wireshark could crash while uncompressing zlib-compressed
packet data (CVE-2008-3933)
- Wireshark could crash while reading a Tektronix .rf5 file
(CVE-2008-3934)
- other fixes:
- Following a TCP stream could incorrectly reassemble packets
(Closes: #496768)
Checksums-Sha1:
e827500609cb31167684ee30565603cf86af1bf4 1470 wireshark_1.0.3-1.dsc
160c8be5700aa045d85c07ab52bf8089c21bef2d 16782097 wireshark_1.0.3.orig.tar.gz
796cd9b5eb0fe13c5c7d61ec3cc78dcd53f48865 47966 wireshark_1.0.3-1.diff.gz
4069adcf9ebae2a627c65b8c9f3f05a81cf2c98d 10124450
wireshark-common_1.0.3-1_i386.deb
bcee2c8296e0f63d0d1872b49109ac4ac631a05b 619504 wireshark_1.0.3-1_i386.deb
6bc5d436e06143496a16b3dae72f00c961da491e 112054 tshark_1.0.3-1_i386.deb
60ddbed00cfa85f93ebf8f5ab8d49e79e728a77f 570440 wireshark-dev_1.0.3-1_i386.deb
Checksums-Sha256:
24b3273a0553424fa70d43163d869f8ce9c6beb245b8ed11131314386ad443bb 1470
wireshark_1.0.3-1.dsc
640bf50f7c05b627cfd86e78d8742050fc023c0c2931f14324d4b103cdde1ced 16782097
wireshark_1.0.3.orig.tar.gz
724389ea520ebae7b438d0dd337558c5951b3d6d7f971427ef711cfe74f2bbfe 47966
wireshark_1.0.3-1.diff.gz
cb041912d1afa7277e043b5d0abff23b1610bba32425208dbcb6bb6fd0bdd3e1 10124450
wireshark-common_1.0.3-1_i386.deb
cea07776221b1fb9c657d177424a24ab843cd98829c8436b433dd05da2a2839d 619504
wireshark_1.0.3-1_i386.deb
e765ec5a7d0f0d4a7822abe06051743307408266a1b3467b0ffec1470a6147c9 112054
tshark_1.0.3-1_i386.deb
22dbc1fe28c0d616e894a42bfacf282940898cbc19b57fd038e2d5aaaaf057fd 570440
wireshark-dev_1.0.3-1_i386.deb
Files:
afbf7901ef1ae29d44db50999c78fa0c 1470 net optional wireshark_1.0.3-1.dsc
ca48718f71d9bc1838fb44da872c1d14 16782097 net optional
wireshark_1.0.3.orig.tar.gz
6518ab8608d6f55341f55f32b0bdc56a 47966 net optional wireshark_1.0.3-1.diff.gz
40dd1e57d732a68ce17101c6384154ab 10124450 net optional
wireshark-common_1.0.3-1_i386.deb
f043dda7e5e299e6482ea5e7eb496c15 619504 net optional wireshark_1.0.3-1_i386.deb
d17de9e913197829c0de28def28ded06 112054 net optional tshark_1.0.3-1_i386.deb
2bbd083957aaca696723c2f4f1ceff8b 570440 devel optional
wireshark-dev_1.0.3-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjKd/gACgkQ0/r2+3z8lN0/GgCfRFVh+TiUaPcwnIPVq5+QEFhC
YgUAn1cBH1mgGXt5HmpNDTG6C4wHhAhm
=R7HL
-----END PGP SIGNATURE-----
--- End Message ---
