Ok, it's a sync now...pushing it to archive-admins...
** Description changed: + Dear Archive Admins, + + please sync: + + source: wireshark + version 1.0.0-1 + from: debian unstable + + FFe Approval is below... + + ---------------------- + Binary package hint: wireshark This is a feature freeze exception request (per Bug #210687) to get the 1.0.0-1 release of wireshark into the Hardy Heron repositories (the current version is 0.99.8-1). Wireshark 1.0 has been released on March 31, 2008 and includes several important security fixes. The correspoding CVEs can be found at: http://www.wireshark.org/security/wnpa-sec-2008-02.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1563 wireshark (1.0.0-1) unstable; urgency=low * Several security issues were solved in 0.99.7 already: (closes: #452381) * allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector (CVE-2007-6111) * Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. (CVE-2007-6112) * Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP packet (CVE-2007-6113) * Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser (CVE-2007-6114) * Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. (CVE-2007-6115) * The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. (CVE-2007-6116) * Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote attack vectors related to chunked messages. (CVE-2007-6117) * The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. (CVE-2007-6118) * The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. (CVE-2007-6119) * The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. (CVE-2007-6120) * Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. (CVE-2007-6121) * current wireshark has SSL support (closes: #172939) * and H323 support (closes: #117201) * resizing columns bugfix was applied last year (closes: #369044) * new upstream release 1.0.0 http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html * remove debian/ directory from upstream * update 14_disable-cmip.dpatch. * if wireshark has no priv, it now prints: dumpcap: There are no interfaces on which a capture can be done (closes: #468400) * wireshark uses su-to-root now (closes: #472478) * vulnerabilities fixed: * The X.509sat and other dissector could crash (CVE-2008-1561) * The LDAP dissector could crash on Windows and other platforms. (CVE-2008-1562) * The SCCP dissector could crash while using the "decode as" feature (CVE-2008-1563) -- Joost Yervante Damad <[EMAIL PROTECTED]> Tue, 01 Apr 2008 19:48:19 +0200 Packages are available from Debian sid (http://packages.debian.org/sid/wireshark). ** Tags added: ffe sync ** Changed in: wireshark (Ubuntu) Importance: Undecided => Wishlist -- FFe for inclusion of wireshark 1.0.0-1 into Hardy https://bugs.launchpad.net/bugs/211057 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
