http://www.wireshark.org/security/wnpa-sec-2010-02.html Babi discovered several buffer overflows in the LWRES dissector. Versions affected: 0.9.15 to 1.0.10, 1.2.0 to 1.2.5 Impact It may be possible to make Wireshark crash remotely or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 1.2.6 or later.
And new version is in the tree. Arch teams, please, stabilize.
ppc64 done
ppc done
Stable for HPPA.
alpha/ia64/sparc/x86 stable
amd64 done too.
CVE-2010-0304 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0304): Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Sounds like an app crash to me. GLSA vote: NO.
Closing noglsa.