Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 183520
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Tony Vroon <chainsaw@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 183520 depends on: Show dependency tree
Bug 183520 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-06-28 13:21 0000 
#

Wireshark could crash when dissecting an HTTP chunked response. (Bug 1394)

Versions affected: 0.99.5

#

On some systems, Wireshark could crash while reading iSeries capture files.
(Bug 1415)

Versions affected: 0.10.14 to 0.99.5

#

Wireshark could exhaust system memory while reading a malformed DCP ETSI
packet. (Bug 1264)

Versions affected: 0.99.5

#

Wireshark could loop excessively while reading a malformed SSL packet. (Bug
1582)

Versions affected: ?

#

The DHCP/BOOTP dissector was susceptible to an off-by-one error. (Bug 1416)

Versions affected: ?

#

Wireshark could loop excessively while reading a malformed MMS packet. (Bug
1382)

Versions affected: ?

------- Comment #1 From Carsten Lohrke 2007-06-28 13:36:32 0000 ------- 
*** Bug 183521 has been marked as a duplicate of this bug. ***

------- Comment #2 From Carsten Lohrke 2007-06-28 14:45:03 0000 ------- 
no reason to restrict this bug

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-06-29 21:11:36 0000 ------- 
netmon please advise and patch as necessary.

------- Comment #4 From Markus Ullmann 2007-07-06 16:11:39 0000 ------- 
Bumped in CVS though I'd be happy for another pair of eyes first if all
security issues are really fixed...

------- Comment #5 From Sune Kloppenborg Jeppesen 2007-07-15 07:46:36 0000 ------- 
Seems like mostly minor issues. Anyways.

Arches please test and mark stable. Target keywords are:

wireshark-0.99.6.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86
~x86-fbsd"

------- Comment #6 From Raúl Porcel 2007-07-15 16:48:58 0000 ------- 
pva has the patch for the --as-needed failure...so we could wait until he adds
it...

------- Comment #7 From Sune Kloppenborg Jeppesen 2007-07-15 18:08:06 0000 ------- 
Back to ebuild awaiting patch.

------- Comment #8 From Samuli Suominen 2007-07-15 20:27:38 0000 ------- 
(In reply to comment #7)
> Back to ebuild awaiting patch.
> 

I've just fixed the issue with asneeded so it should be ok to proceed.

------- Comment #9 From Gustavo Zacarias (RETIRED) 2007-07-16 15:34:12 0000 ------- 
sparc stable.

------- Comment #10 From Raúl Porcel 2007-07-16 16:45:19 0000 ------- 
alpha/ia64/x86 stable

------- Comment #11 From Marcus D. Hanwell 2007-07-16 18:57:01 0000 ------- 
Stable on amd64.

------- Comment #12 From Markus Rothe 2007-07-16 18:59:05 0000 ------- 
ppc64 stable

------- Comment #13 From Jeroen Roovers 2007-07-16 22:38:31 0000 ------- 
Stable for HPPA.

------- Comment #14 From Tobias Scherbaum 2007-07-20 18:31:40 0000 ------- 
ppc stable - time for glsa voting

------- Comment #15 From Pierre-Yves Rofes 2007-07-20 20:57:29 0000 ------- 
although it's mainly minor issues like Jaervosz pointed out, there's still the
off-by-one error, which means possible remote code execution, so I vote YES.

------- Comment #16 From Sune Kloppenborg Jeppesen 2007-07-22 07:33:26 0000 ------- 
I tend to vote YES.

------- Comment #17 From Matt Drew 2007-07-24 10:55:44 0000 ------- 
Two yes votes = glsa request.

CVE-2007-3389
CVE-2007-3390
CVE-2007-3391
CVE-2007-3392
CVE-2007-3393

------- Comment #18 From Raphael Marichez 2007-08-16 22:06:11 0000 ------- 
GLSA 200708-12!
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug