Ethereal 0.10.10 is scheduled to be released on Thursday, March 10. It addresses the following security issues:
  The Etheric dissector was susceptible to a buffer overflow.
    Versions affected: 0.10.7 to 0.10.9
    Fixed in revision: 13176
  The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled.
    Versions affected: 0.10.7 to 0.10.9
    Fixed in revisions: 13386 (further improvements in 13549 and 13571)
  The 3GPP2 A11 dissector was susceptible to a buffer overflow.
    Versions affected: 0.10.3 to 0.10.9
    Fixed in revision: 1357
CCing eldad and dragonheart as recent version bumpers. This is still confidential; the official release of 0.10.10 is Thursday at 3:00PM CST (21:00 UTC). Will one of you be around to check and commit the new version then?
public @ http://www.securityfocus.com/archive/1/392659
eldad is away until April -> uncc'ing.
CVE ids assigned:
  CAN-2005-0704 Etheric
  CAN-2005-0705 GPRS-LLC
  CAN-2005-0699 3GPP2 A11
Another issue popped up so the release date is changed to: March 11 17:00 GMT.
  The IAPP dissector is vulnerable to a buffer overflow.
    Versions affected: 0.9.1 to 0.9.9
Daniel, I've stayed up long enough waiting... gotta get some sleep. Good news is I've done all the work for ya (working from a svn snapshot of the 0.10.10 branch from about an hour or two ago). The only patch in the previous ebuild is no longer required. Modified ebuild is attached.
Created attachment 53190 [details] ethereal-0.10.10.ebuild
*sigh* never mind. Got the announcement in my mailbox right after I pressed "Commit". Going to build with the official tarball and make sure everything is still ok.
In CVS, stable on x86. Will the CC'd archs please mark stable?
stable on amd64
Stable on alpha.
Stable on ppc.
stable on ppc64
sparc done.
GLSA 200503-16
ia64, please mark stable to benefit from GLSA.