Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 878421 (CVE-2022-3725, WNPA-SEC-2022-07) - <net-analyzer/wireshark-3.6.9: OPUS dissector crash
Summary: <net-analyzer/wireshark-3.6.9: OPUS dissector crash
Status: RESOLVED FIXED
Alias: CVE-2022-3725, WNPA-SEC-2022-07
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 885125
Blocks:
  Show dependency tree
 
Reported: 2022-10-27 05:12 UTC by Sam James
Modified: 2023-09-17 05:27 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-27 05:12:15 UTC
https://www.wireshark.org/security/wnpa-sec-2022-07 - OPUS dissector crash. Issue 18378.
https://www.wireshark.org/security/wnpa-sec-2022-08 - USB-HID dissector crash on Windows. Issue 18384. (doesn't affect us obviously)
Comment 1 Larry the Git Cow gentoo-dev 2022-10-27 05:31:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7aa3dba653168eac02da600ae3ade63da4f7b77

commit b7aa3dba653168eac02da600ae3ade63da4f7b77
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-27 05:17:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-27 05:19:48 +0000

    net-analyzer/wireshark: add 3.6.9
    
    Bug: https://bugs.gentoo.org/878421
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 +
 net-analyzer/wireshark/wireshark-3.6.9.ebuild | 269 ++++++++++++++++++++++++++
 2 files changed, 270 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-12-12 15:56:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebb910bf51dc2d2d4745d43d5b7568765bb1da60

commit ebb910bf51dc2d2d4745d43d5b7568765bb1da60
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-12 02:02:05 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-12 15:55:26 +0000

    net-analyzer/wireshark: drop 3.6.8
    
    Bug: https://bugs.gentoo.org/878421
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 -
 net-analyzer/wireshark/wireshark-3.6.8.ebuild | 269 --------------------------
 2 files changed, 270 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2023-09-17 05:26:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e8a30f50018451e44407895ded131a11d1108b4d

commit e8a30f50018451e44407895ded131a11d1108b4d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:24:05 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:26:26 +0000

    [ GLSA 202309-02 ] Wireshark: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/878421
    Bug: https://bugs.gentoo.org/899548
    Bug: https://bugs.gentoo.org/904248
    Bug: https://bugs.gentoo.org/907133
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202309-02.xml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)