Summary: | net-analyzer/wireshark < 0.99.6 multiple vulnerabilities (CVE-2007-3389, 3390, 3391, 3392, 3393) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tony Vroon (RETIRED) <chainsaw> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bernd, carlo, netmon, ssuominen |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html | ||
Whiteboard: | B? [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tony Vroon (RETIRED)
2007-06-28 13:21:13 UTC
*** Bug 183521 has been marked as a duplicate of this bug. *** no reason to restrict this bug netmon please advise and patch as necessary. Bumped in CVS though I'd be happy for another pair of eyes first if all security issues are really fixed... Seems like mostly minor issues. Anyways. Arches please test and mark stable. Target keywords are: wireshark-0.99.6.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" pva has the patch for the --as-needed failure...so we could wait until he adds it... Back to ebuild awaiting patch. (In reply to comment #7) > Back to ebuild awaiting patch. > I've just fixed the issue with asneeded so it should be ok to proceed. sparc stable. alpha/ia64/x86 stable Stable on amd64. ppc64 stable Stable for HPPA. ppc stable - time for glsa voting although it's mainly minor issues like Jaervosz pointed out, there's still the off-by-one error, which means possible remote code execution, so I vote YES. I tend to vote YES. Two yes votes = glsa request. CVE-2007-3389 CVE-2007-3390 CVE-2007-3391 CVE-2007-3392 CVE-2007-3393 GLSA 200708-12! |