Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 716756 (CVE-2020-11647, wnpa-sec-2020-07)

Summary: <net-analyzer/wireshark-3.2.3: The BACapp dissector could crash (CVE-2020-11647)
Product: Gentoo Security Reporter: Jeroen Roovers (RETIRED) <jer>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: netmon
Priority: Normal Flags: nattka: sanity-check-
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.wireshark.org/lists/wireshark-announce/202004/msg00000.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=673486
Whiteboard: B3 [glsa+ cve]
Package list:
=net-analyzer/wireshark-3.2.3
Runtime testing required: ---
Bug Depends on: 724132, 730414    
Bug Blocks:    

Description Jeroen Roovers (RETIRED) gentoo-dev 2020-04-09 06:38:10 UTC
Bug Fixes

   The following vulnerabilities have been fixed:

     • wnpa-sec-2020-07[2] The BACapp dissector could crash. Bug
       16474[3]. CVE-2020-11647[4].
Comment 1 Larry the Git Cow gentoo-dev 2020-04-09 06:39:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=037d0a5b3137fe73d7b25ea53aee56a61619defa

commit 037d0a5b3137fe73d7b25ea53aee56a61619defa
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2020-04-09 06:39:20 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2020-04-09 06:39:40 +0000

    net-analyzer/wireshark: Version 3.2.3
    
    Package-Manager: Portage-2.3.97, Repoman-2.3.22
    Bug: https://bugs.gentoo.org/716756
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 +
 net-analyzer/wireshark/wireshark-3.2.3.ebuild | 249 ++++++++++++++++++++++++++
 2 files changed, 250 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2020-04-13 15:52:10 UTC
This is an automatic message.

@maintainer(s):
I'm getting test-failure(s) (that were already reported) on amd64. If you want the package to pass my CI environment and got stabilized, please carry out the necessary operations to make sure that src_test() won't fail.
Thanks.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2020-04-26 23:49:05 UTC
x86 stable
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-02 02:29:32 UTC
(In reply to Agostino Sarubbo from comment #2)
> @maintainer(s):
> I'm getting test-failure(s) (that were already reported) on amd64. If you
> want the package to pass my CI environment and got stabilized, please carry
> out the necessary operations to make sure that src_test() won't fail.
> Thanks.

I've added a blocker on
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-02 02:29:47 UTC
(In reply to Sam James (sec padawan) from comment #4)
ignore this
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-19 21:23:57 UTC
un-CCing arches in favour of bug 724132
Comment 7 NATTkA bot gentoo-dev 2020-05-19 21:24:56 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 8 NATTkA bot gentoo-dev 2020-06-22 13:44:47 UTC
Unable to check for sanity:

> no match for package: =net-analyzer/wireshark-3.2.3
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:49:45 UTC
This issue was resolved and addressed in
 GLSA 202007-13 at https://security.gentoo.org/glsa/202007-13
by GLSA coordinator Sam James (sam_c).