Summary: | <net-analyzer/wireshark-2.4.2: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | netmon |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=635686 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =net-analyzer/wireshark-2.4.3-r1 =media-libs/spandsp-0.0.6_pre12-r1 | ||
Runtime testing required: | --- |
Bug Depends on: | 635686 | ||
Bug Blocks: | 625474, 634872, 635546 |
Description
Aleksandr Wagner (Kivak)
2017-08-30 12:03:00 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

net-analyzer/wireshark-2.4.1-r3 - In tree.

2.2.x is still vulnerable. Latest upstream is 2.2.10. Please bump that branch or let us know if you intend to drop 2.2.x in favor of the latest stable versions in the 2.4.x branch.

(In reply to Aaron Bauman from comment #2)
> 2.2.x is still vulnerable. Latest upstream is 2.2.10. Please bump that
> branch or let us know if you intend to drop 2.2.x in favor of the latest
> stable versions in the 2.4.x branch.

Help yourselves.

```
Keywords for net-analyzer/wireshark:
         | a a a h i p p x a m m n r s s s | e u s          | r
         | l m r p a p p 8 r i 6 i i 3 h p | a n l          | e
         | p d m p 6 c c 6 m p 8 o s 9   a | p u o          | p
         | h 6   a 4   6   6 s k s c 0   r | i s t          | o
         | a 4         4   4     2 v     c |   e            |
         |                                 |   d            |
---------+---------------------------------+----------------+-------
   2.2.7 | + + + + + + + + o o o o o o o + | 6 o 0/2.2.7    | gentoo
---------+---------------------------------+----------------+-------
[I]2.4.2 | o + ~ + o ~ ~ + ~ o o o o o o o | 6 o 0/2.4.2    | gentoo
---------+---------------------------------+----------------+-------
99999999 | o o o o o o o o o o o o o o o o | 6 o 0/99999999 | gentoo
```

(In reply to Jeroen Roovers from comment #1 from bug 635546)
> Bug #625474 net-analyzer/wireshark: Multiple Vulnerabilities
> Bug #629370 net-analyzer/wireshark: multiple vulnerabilities
> Bug #629454 net-analyzer/wireshark: Modbus dissector crash (wnpa-sec-2017-40)
> Bug #634872 net-analyzer/wireshark: Multiple vulnerabilities
> (Bug #635546 net-analyzer/wireshark: Multiple vulnerabilities)
>
> It's so confusing without versions, isn't it? Now of which of these is this
> bug report a duplicate?

Now the only version needed is wireshark 2.2.10, with that you'll be able to close all other reports, if you don't want to bump that version you can stabilize 2.4.x.

Thank you

(In reply to Christopher Díaz from comment #4)
> Now the only version needed is wireshark 2.2.10, with that you'll be able to
> close all other reports, if you don't want to bump that version you can
> stabilize 2.4.x.

We don't "need" 2.2.x at all. The 2.4 branch was promoted to stable in July.

(In reply to Jeroen Roovers from comment #5)
> (In reply to Christopher Díaz from comment #4)
> > Now the only version needed is wireshark 2.2.10, with that you'll be able to
> > close all other reports, if you don't want to bump that version you can
> > stabilize 2.4.x.
>
> We don't "need" 2.2.x at all. The 2.4 branch was promoted to stable in July.

I think that is quite obvious to all of us. The problem is, we don't just drop maintainer owned packages because we feel like it. So if you don't mind dropping 2.2.x then we can move forward. If you want me to do it then so be it.

(In reply to Aaron Bauman from comment #6)
> The problem is, we don't just
> drop maintainer owned packages because we feel like it. So if you don't
> mind dropping 2.2.x then we can move forward. If you want me to do it then
> so be it.

Why don't you stabilise 2.4.2?

@arches, please stabilize. 2.2.x branch will be dropped when we move to cleanup.

An automated check of this bug failed - repoman reported dependency errors:
> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: DEPEND: arm(default/linux/arm/13.0) ['media-libs/spandsp']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['media-libs/spandsp']

ppc64 stable

ppc stable

arm stable, all arches done.

An automated check of this bug failed - repoman reported dependency errors (7 lines truncated):
> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: DEPEND: ia64(default/linux/ia64/13.0) ['app-arch/snappy']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: RDEPEND: ia64(default/linux/ia64/13.0) ['app-arch/snappy']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: DEPEND: ia64(default/linux/ia64/13.0/desktop) ['app-arch/snappy']

ia64 stable

2.2.x has been dekeyworded for all arches except alpha. Cleanup of that version will be tracked in a newer bug.