Your message dated Wed, 10 May 2006 20:38:59 +0200
with message-id <[EMAIL PROTECTED]>
and subject line fixed in 0.99.0-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: ethereal
Version: 0.10.14-2
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The new upstream release version 0.99.0 fixes several bugs and
vulnerabilities. The release notes and the application advisory contain
more information (CVE numbers can be found there too):
http://www.ethereal.com/docs/release-notes/ethereal-0.99.0.html
http://www.ethereal.com/appnotes/enpa-sa-00023.html
Severity was initially set to grave because of the mass of security
issues. Please do a closer check.
Regards, Daniel
- -- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110,
'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.08060320
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages ethereal depends on:
ii ethereal-comm 0.10.14-2 network traffic analyser (common f
ii libadns1 1.1-4 Asynchronous-capable DNS client li
ii libatk1.0-0 1.11.4-1 The ATK accessibility toolkit
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libcairo2 1.0.4-1+b1 The Cairo 2D vector graphics libra
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libcomerr2 1.38+1.39-WIP-2006.04.09-1 common error description library
ii libfontconfig 2.3.2-5.1 generic font configuration library
ii libglib2.0-0 2.10.2-1 The GLib library of C routines
ii libgtk2.0-0 2.8.17-1 The GTK+ graphical user interface
ii libkrb53 1.4.3-6 MIT Kerberos runtime libraries
ii libpango1.0-0 1.12.1-2 Layout and rendering of internatio
ii libpcap0.8 0.9.4-1 System interface for user-level pa
ii libpcre3 6.4-1.1 Perl 5 Compatible Regular Expressi
ii libx11-6 2:1.0.0-6 X11 client-side library
ii libxcursor1 1.1.5.2-5 X cursor management library
ii libxext6 1:1.0.0-4 X11 miscellaneous extension librar
ii libxi6 1:1.0.0-5 X11 Input extension library
ii libxinerama1 1:1.0.1-4 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library
ii libxrender1 1:0.9.0.2-4 X Rendering Extension client libra
ii zlib1g 1:1.2.3-11 compression library - runtime
Versions of packages ethereal recommends:
ii gksu 1.3.7-1 graphical frontend to su
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFETi09dg0kG0+YFBERAn9+AJ42Rdt/QJN1YNr9Y/+7yGTwLntdngCeKXDa
4AeCn2438U7jYX30z3H8dwo=
=Nta+
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Version: 0.99.0-1
Ethereal 0.99.0 has been uploaded to unstable on May 1st with the
following changelog entry:
ethereal (0.99.0-1) unstable; urgency=high

  * New upstream release (urgency high since it fixes security issues;
    see http://www.ethereal.com/appnotes/enpa-sa-00023.html advisory)
    * crash in H.248 dissector (CVE-2006-1937)
    * infinite loop in UMA dissector (CVE-2006-1933)
    * crash in X.509if dissector (CVE-2006-1937)
    * crash in SRVLOC dissector (CVE-2006-1937)
    * crash in H.245 dissector (CVE-2006-1937)
    * off-by-one error in OID printing routine (CVE-2006-1932)
    * buffer overflow in COPS dissector (CVE-2006-1935)
    * buffer overflow in ALCAP dissector (CVE-2006-1934)
    * crash in statistics counter (CVE-2006-1937)
    * crash with malformed capture (CVE-2006-1938)
    * crash with invalid display filter (CVE-2006-1939)
    * crash in general packet dissector (CVE-2006-1937)
    * crash in AIM dissector (CVE-2006-1937)
    * crash in RPC dissector (CVE-2006-1939)
    * crash in DCERPC dissector (CVE-2006-1939)
    * crash in ASN.1 dissector (CVE-2006-1939)
    * crash in SMB PIPE dissector (CVE-2006-1938)
    * excessive loop in BER dissector (CVE-2006-1933)
    * abort in SNDCP dissector (CVE-2006-1940)
    * buffer overrun in Network Instruments file code (CVE-2006-1934)
    * buffer overrun in NetXray/Windows Sniffer file code (CVE-2006-1934)
    * crash in GSM SMS dissector (CVE-2006-1939)
    * buffer overrun in ALCAP dissector (CVE-2006-1934)
    * buffer overrun in telnet dissector (CVE-2006-1936)
    * crash in ASN.1 based dissectors (CVE-2006-1939)
    * crash in DCERPC NT dissector (CVE-2006-1939)
    * crash in PER dissector (CVE-2006-1939)
  * debian/patches/04_drop-capabilities.dpatch: updated.
  * debian/control: added build-depends on libgnutls-dev since libgnutls can
    now be used for SSL support.

 -- Frederic Peters <[EMAIL PROTECTED]> Mon, 1 May 2006 14:50:42 +0200
--- End Message ---