Your message dated Sun, 19 Aug 2012 15:20:50 +0000 with message-id <e1t37j4-0004ce...@franck.debian.org> and subject line Bug#680056: fixed in wireshark 1.8.2-1 has caused the Debian Bug report #680056, regarding wireshark: CVE-2012-4048: PPP dissector crash/segfault to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 680056: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680056 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: wireshark Version: 1.8.0-1 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Attempting to load a usbmon dump previously captured by wireshark version 1.6.8-1 results in a segfault: bjorn@nemi:~$ wireshark -r docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump Segmentation fault The dump is of some size, but not that big: bjorn@nemi:~$ file docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump: tcpdump capture file (little-endian) - version 2.4, capture length 65535) bjorn@nemi:~$ ls -lh docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump -r--r--r-- 1 bjorn bjorn 41M May 22 17:47 docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump tshark is able to read the file, but seems to truncate the output without crashing: bjorn@nemi:~$ tshark -r docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump|head 1 0.000000 host 20.0 USB URB_CONTROL out 2 0.003208 20.0 host USB URB_CONTROL out 3 0.005203 20.5 host USB URB_INTERRUPT in 4 0.005214 host 20.0 USB URB_CONTROL in 5 0.005223 host 20.5 USB URB_INTERRUPT in 6 0.006204 20.0 host USB URB_CONTROL in 7 0.032426 host 20.0 USB URB_CONTROL out 8 0.035215 20.0 host USB URB_CONTROL out 9 0.039213 20.5 host USB URB_INTERRUPT in 10 0.039221 host 20.0 USB URB_CONTROL in bjorn@nemi:~$ tshark -r docs/hardware/sierra/mc7710/mc7710-firmware-upgrade-usbmon.dump|tail 56313 132.172335 1.0 host USBHUB GET_STATUS Response 56314 132.227996 host 1.0 USBHUB CLEAR_FEATURE Request 56315 132.228010 1.0 host USBHUB CLEAR_FEATURE Response 56316 132.228017 host 0.0 USB SET ADDRESS Request 56317 132.228583 0.0 host USB SET ADDRESS Response 56318 132.247976 host 23.0 USB GET DESCRIPTOR Request DEVICE 56319 132.248578 23.0 host USB GET DESCRIPTOR Response DEVICE 56320 132.248616 host 23.0 USB GET DESCRIPTOR Request CONFIGURATION 56321 132.249577 23.0 host USB GET DESCRIPTOR Response CONFIGURATION 56322 132.249bjorn@nemi:~$ I did not notice any of these problems when using this file with wireshark version 1.6.8-1 Bjørn - -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (700, 'stable'), (600, 'unstable'), (500, 'stable-updates'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.5.0-rc2+ (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages wireshark depends on: ii libc6 2.13-33 ii libcairo2 1.12.2-2 ii libgdk-pixbuf2.0-0 2.26.1-1 ii libglib2.0-0 2.32.3-1 ii libgtk2.0-0 2.24.10-1 ii libpango1.0-0 1.30.0-1 ii libpcap0.8 1.3.0-1 ii libportaudio2 19+svn20111121-1 ii libwireshark2 1.8.0-1 ii libwiretap2 1.8.0-1 ii libwsutil2 1.8.0-1 ii wireshark-common 1.8.0-1 ii zlib1g 1:1.2.7.dfsg-13 wireshark recommends no packages. wireshark suggests no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk/yrlQACgkQ10rqkowbIsmCSgCfScif2UQlQ+OzAegv3A+yUn2D 6w0AoIJp/HMrDdqYqN0MvSc5OpA+L371 =CA+H -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: wireshark Source-Version: 1.8.2-1 We believe that the bug you reported is fixed in the latest version of wireshark, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 680...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Balint Reczey <bal...@balintreczey.hu> (supplier of updated wireshark package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 19 Aug 2012 14:30:56 +0200 Source: wireshark Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark2 libwsutil2 libwsutil-dev libwireshark-data libwireshark-dev libwiretap2 libwiretap-dev Architecture: source all i386 Version: 1.8.2-1 Distribution: unstable Urgency: high Maintainer: Balint Reczey <bal...@balintreczey.hu> Changed-By: Balint Reczey <bal...@balintreczey.hu> Description: libwireshark-data - network packet dissection library -- data files libwireshark-dev - network packet dissection library -- development files libwireshark2 - network packet dissection library -- shared library libwiretap-dev - network packet capture library -- development files libwiretap2 - network packet capture library -- shared library libwsutil-dev - network packet dissection utilities library -- shared library libwsutil2 - network packet dissection utilities library -- shared library tshark - network traffic analyzer - console version wireshark - network traffic analyzer - GTK+ version wireshark-common - network traffic analyzer - common files wireshark-dbg - network traffic analyzer - debug symbols wireshark-dev - network traffic analyzer - development tools wireshark-doc - network traffic analyzer - documentation Closes: 680056 Changes: wireshark (1.8.2-1) unstable; urgency=high . * New upstream release 1.8.2 (skipping 1.8.1 in Debian) - release notes: http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html - security fixes: - The PPP dissector could crash (Closes: #680056)(CVE-2012-4048) - The NFS dissector could use excessive amounts of CPU (CVE-2012-4049) - The DCP ETSI dissector could trigger a zero division. Reported by Laurent Butti. (CVE-2012-4285) - The MongoDB dissector could go into a large loop. Reported by Ben Schmidt. (CVE-2012-4287) - The XTP dissector could go into an infinite loop. Reported by Ben Schmidt. (CVE-2012-4288) - The ERF dissector could overflow a buffer. Reported by Laurent Butti. (CVE-2012-4294 CVE-2012-4295) - The AFP dissector could go into a large loop. Reported by Stefan Cornelius. (CVE-2012-4289) - The RTPS2 dissector could overflow a buffer. Reported by Laurent Butti. (CVE-2012-4296) - The GSM RLC MAC dissector could overflow a buffer. Reported by Laurent Butti. (CVE-2012-4297) - The CIP dissector could exhaust system memory. Reported by Ben Schmidt. (CVE-2012-4291) - The STUN dissector could crash. Reported by Laurent Butti. (CVE-2012-4292) - The EtherCAT Mailbox dissector could abort. Reported by Laurent Butti. (CVE-2012-4293) - The CTDB dissector could go into a large loop. Reported by Ben Schmidt. (CVE-2012-4290) - The pcap-ng file parser could trigger a zero division (CVE-2012-4286) - The Ixia IxVeriWave file parser could overflow a buffer (CVE-2012-4298) Checksums-Sha1: 822d88c9e43d6e102d504deb74647b1ccbeb26a2 2288 wireshark_1.8.2-1.dsc 4737d9745dbf002444ea42615243abf3bb80b943 24121798 wireshark_1.8.2.orig.tar.bz2 86f005ed637edd320e7ba9a31041876d70bee1ad 59702 wireshark_1.8.2-1.debian.tar.gz 1667fb9bada7a163ce4b20b26fba41f7398df8e5 3883092 wireshark-doc_1.8.2-1_all.deb 3950390de808b555a03ed3c5ce8a44c68920d6d5 1221878 libwireshark-data_1.8.2-1_all.deb f0ac42b07409870529b2a81633e983d8ab82fa46 226848 wireshark-common_1.8.2-1_i386.deb c88dcaa4eeba25a3ee1cb08f4805ed97ef44a100 950268 wireshark_1.8.2-1_i386.deb 926a24f0fdae32b7b3b9f508b93c8349ec116130 179328 tshark_1.8.2-1_i386.deb db86b5cda5c1e7b62af646c75c4ace89fd89f861 177286 wireshark-dev_1.8.2-1_i386.deb 450ee079a932293bf5d561fb10f233dd1ddc6af8 25970680 wireshark-dbg_1.8.2-1_i386.deb d9e4cae8f88d71c1dee17e0ce0cca92301740d4d 11206524 libwireshark2_1.8.2-1_i386.deb f8cd8aa0807c70d430e2f082e058faec441ab5fa 49716 libwsutil2_1.8.2-1_i386.deb 0c71adb29c76cc030e94b0461ece550f2f6082ef 49108 libwsutil-dev_1.8.2-1_i386.deb 4418de003c1c440b5d479398bc0c3a9664034e7a 905700 libwireshark-dev_1.8.2-1_i386.deb 9b1d722dd375b54382eeaaaef2110beaed7a1f5c 196954 libwiretap2_1.8.2-1_i386.deb 39058c4493b7cf8bbdd24d6b1925212b0c053d1e 69760 libwiretap-dev_1.8.2-1_i386.deb Checksums-Sha256: 031c355998ff0f0f789f35ad96e335044ed725464c35099903174f9d420ac75a 2288 wireshark_1.8.2-1.dsc 3f0e688d889345033e0a7e4f36aea78248e5c7b32d0dfc19eac044188aac11cc 24121798 wireshark_1.8.2.orig.tar.bz2 0277170fcb3d4e4a95de0479c9e9c5d32f88f77f8f656eb1b29ae17ceaaa6cbd 59702 wireshark_1.8.2-1.debian.tar.gz 88888bacae7cc940364d0666813c106cba4baf599b2a872c8a1259fdcfb452c1 3883092 wireshark-doc_1.8.2-1_all.deb 43ae708437ea0123f6b8c7cd708a9bf168a75a2ac60270550c1a0087d1523122 1221878 libwireshark-data_1.8.2-1_all.deb 7ef02aa9fa417bbd50652d932ff865069e2bc54ecf7e607b9843a6301fea69a1 226848 wireshark-common_1.8.2-1_i386.deb add14c71f58e8b962ceedb6319d2350be71a3d3e6465af264c4346bd411e0512 950268 wireshark_1.8.2-1_i386.deb 69f4c00140237e6b2c5d0a75c50a2a634d33e5e6dc2e2a2b8d7edb015660ed04 179328 tshark_1.8.2-1_i386.deb dc1ead7893e4f62f0810979710df42893fe7dd93176a1cdd969adac16ad1c58c 177286 wireshark-dev_1.8.2-1_i386.deb 35f185c9206f4a480f59085519c6aebe2295363cc831704189f4469a4bab565f 25970680 wireshark-dbg_1.8.2-1_i386.deb 62ca143e44f62736f344737707edcbac2a53f91030f87b7b5d939120eb1ef794 11206524 libwireshark2_1.8.2-1_i386.deb c0a6fc5bdb852bcd0ede2a8d23d83939f4b1c824a42399eb7cf2e94802e0b8e5 49716 libwsutil2_1.8.2-1_i386.deb cf7466868010fbd4db73e55ff6bc07730a92895d5d9222b2b0b50bba8e51c76f 49108 libwsutil-dev_1.8.2-1_i386.deb 095a594a604068bc21f4da32e55550df3da7fa17df05587576b7c684b1323ecb 905700 libwireshark-dev_1.8.2-1_i386.deb 3db5e903f117e4c033b91442d0ec9271bca79ffdfffbace4dd2e70ab6f271549 196954 libwiretap2_1.8.2-1_i386.deb edfab12f4f711c8476186ad0f4c8367097bc707febf85f59f292d75ad413c433 69760 libwiretap-dev_1.8.2-1_i386.deb Files: 10d51f156b53a40a1b8754139507ce31 2288 net optional wireshark_1.8.2-1.dsc 5e3ea7eed50dace479e12f49d24506f4 24121798 net optional wireshark_1.8.2.orig.tar.bz2 5c351d6b791dc107462191c3b62814db 59702 net optional wireshark_1.8.2-1.debian.tar.gz 046c42ca9945ee04cf3df99cb84bfce9 3883092 doc extra wireshark-doc_1.8.2-1_all.deb 90d4cc5883169ca634a797d087010796 1221878 libs optional libwireshark-data_1.8.2-1_all.deb 755325054d4df1b0ce006154bb2dbc44 226848 net optional wireshark-common_1.8.2-1_i386.deb 5ffcf6f3ccd2a2e7bd649c37be741517 950268 net optional wireshark_1.8.2-1_i386.deb 03ed5b618c51ed35360b42efd888e450 179328 net optional tshark_1.8.2-1_i386.deb 06fa6bd9a1b0303b75da18e25a1add64 177286 devel optional wireshark-dev_1.8.2-1_i386.deb 157204f4643389636ceff9410af2b3f3 25970680 debug extra wireshark-dbg_1.8.2-1_i386.deb 8310f26593ab4fdb07d463449cbf9b23 11206524 libs optional libwireshark2_1.8.2-1_i386.deb 4a8c76df377b983659761b57b40e7c31 49716 libs optional libwsutil2_1.8.2-1_i386.deb dce21393ebda942902c444b5814928dc 49108 libdevel optional libwsutil-dev_1.8.2-1_i386.deb fe24f84a78185cf0c8a4c1ea62eefee9 905700 libdevel optional libwireshark-dev_1.8.2-1_i386.deb bdd8e15969ff1a3240571c27d54d86f5 196954 libs optional libwiretap2_1.8.2-1_i386.deb 8b616d43229fd3634e980b4063ba0ddf 69760 libdevel optional libwiretap-dev_1.8.2-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFQMPvbmSuMdaVnTsERApbVAKCCZH1qX+j/0QItfRX+ix6SbSsXEwCcCYm6 0oQHnGvm8lZKU7ZaaNgNT2A= =jCOf -----END PGP SIGNATURE-----
--- End Message ---
