Comment 1 Jeroen Roovers (RETIRED) 2013-01-30 04:12:21 UTC

Arch teams, please test and mark stable:
=net-analyzer/wireshark-1.6.13
=net-analyzer/wireshark-1.8.5
Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86

Comment 2 Agostino Sarubbo 2013-01-30 15:48:17 UTC

amd64 stable

Comment 3 Agostino Sarubbo 2013-01-30 15:48:56 UTC

x86 stable

Comment 4 Jeroen Roovers (RETIRED) 2013-01-30 18:33:07 UTC

Stable for HPPA.

Comment 5 Agostino Sarubbo 2013-01-31 23:01:09 UTC

ppc64 stable

Comment 6 Agostino Sarubbo 2013-02-03 17:57:08 UTC

ppc stable

Comment 7 GLSAMaker/CVETool Bot 2013-02-05 13:07:16 UTC

CVE-2013-1590 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1590):
  Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13
  and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service
  (application crash) via a malformed packet.

CVE-2013-1589 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1589):
  Double free vulnerability in epan/proto.c in the dissection engine in
  Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers
  to cause a denial of service (application crash) via a malformed packet.

CVE-2013-1588 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1588):
  Multiple buffer overflows in the dissect_pft_fec_detailed function in the
  DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x
  before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a
  denial of service (application crash) via a malformed packet.

CVE-2013-1587 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1587):
  The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the
  ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle
  unknown profiles, which allows remote attackers to cause a denial of service
  (application crash) via a malformed packet.

CVE-2013-1586 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1586):
  The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x
  before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length
  of a reassembled packet for the DTLS dissector, which allows remote
  attackers to cause a denial of service (application crash) via a malformed
  packet.

CVE-2013-1585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1585):
  epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does
  not properly validate certain length values for the MS-MMC dissector, which
  allows remote attackers to cause a denial of service (application crash) via
  a malformed packet.

CVE-2013-1584 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1584):
  The dissect_version_5_and_6_primary_header function in
  epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before
  1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which
  allows remote attackers to cause a denial of service (application crash) via
  a malformed packet.

CVE-2013-1583 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1583):
  The dissect_version_4_primary_header function in
  epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before
  1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which
  allows remote attackers to cause a denial of service (application crash) via
  a malformed packet.

CVE-2013-1582 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1582):
  The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP
  dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not
  properly manage an offset variable, which allows remote attackers to cause a
  denial of service (infinite loop or application crash) via a malformed
  packet.

CVE-2013-1581 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1581):
  The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c
  in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before
  1.8.5 does not properly handle fragment gaps, which allows remote attackers
  to cause a denial of service (loop) via a malformed packet.

CVE-2013-1580 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1580):
  The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the
  DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before
  1.8.5 uses an incorrect data type for a position variable, which allows
  remote attackers to cause a denial of service (infinite loop) via a
  malformed packet.

CVE-2013-1579 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1579):
  The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the
  RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does
  not properly implement certain nested loops for processing bitmap data,
  which allows remote attackers to cause a denial of service (infinite loop)
  via a malformed packet.

CVE-2013-1578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1578):
  The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in
  Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly
  handle apparent Ethernet address values at the beginning of MPLS data, which
  allows remote attackers to cause a denial of service (loop) via a malformed
  packet.

CVE-2013-1577 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1577):
  The dissect_sip_p_charging_func_addresses function in
  epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before
  1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data
  associated with a quoted string, which allows remote attackers to cause a
  denial of service (infinite loop) via a malformed packet.

CVE-2013-1576 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1576):
  The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in
  the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5
  does not properly process crypto-suite parameters, which allows remote
  attackers to cause a denial of service (infinite loop) via a malformed
  packet.

CVE-2013-1575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1575):
  The dissect_r3_cmd_alarmconfigure function in
  epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x
  before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain
  alarm length, which allows remote attackers to cause a denial of service
  (infinite loop) via a malformed packet.

CVE-2013-1574 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1574):
  The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c
  in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x
  before 1.8.5 uses an incorrect data type for a counter variable, which
  allows remote attackers to cause a denial of service (infinite loop) via a
  malformed packet.

CVE-2013-1573 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1573):
  The csnStreamDissector function in epan/dissectors/packet-csn1.c in the
  CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does
  not properly handle a large number of padding bits, which allows remote
  attackers to cause a denial of service (infinite loop) via a malformed
  packet.

CVE-2013-1572 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1572):
  The dissect_oampdu_event_notification function in
  epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols
  dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not
  properly handle certain short lengths, which allows remote attackers to
  cause a denial of service (infinite loop) via a malformed packet.

Comment 8 Agostino Sarubbo 2013-02-06 19:46:19 UTC

sparc stable

Comment 9 Agostino Sarubbo 2013-02-08 16:46:40 UTC

alpha stable

Comment 10 Agostino Sarubbo 2013-02-09 20:12:36 UTC

ia64 stable

Comment 11 Sean Amoss (RETIRED) 2013-03-11 22:46:22 UTC

GLSA vote: no

Comment 12 Sergey Popov 2013-08-28 06:10:04 UTC

GLSA vote: no

Closing as noglsa