Summary: | <net-analyzer/wireshark-3.4.0_rc1: Multiple vulnerabilities (CVE-2020-26575) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bman, sam, zlogene |
Priority: | Normal | Keywords: | CC-ARCHES |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=744592 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | net-analyzer/wireshark-3.4.0, media-libs/bcg729-1.0.4-r1 | ||
Runtime testing required: | --- |
Bug Depends on: | 751358 | ||
Bug Blocks: |
Description
John Helmert III
2020-10-22 00:58:23 UTC
Patch is in 3.4.0rc1 so will modify summary but it's likely not a good stable candidate so will leave at [ebuild].

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa6c736f85d46e3b77b0dca1213025d208517a94

commit fa6c736f85d46e3b77b0dca1213025d208517a94
Author: David Seifert <soap@gentoo.org>
AuthorDate: 2020-10-29 22:09:16 +0000
Commit: David Seifert <soap@gentoo.org>
CommitDate: 2020-10-29 22:09:16 +0000

net-analyzer/wireshark: Remove old 3.4.0_rc1

Bug: https://bugs.gentoo.org/750692
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: David Seifert <soap@gentoo.org>

net-analyzer/wireshark/Manifest | 1 -
net-analyzer/wireshark/wireshark-3.4.0_rc1.ebuild | 259 ----------------------
2 files changed, 260 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e870cc59a011d588b0f932c565bab52021a0b59

commit 7e870cc59a011d588b0f932c565bab52021a0b59
Author: David Seifert <soap@gentoo.org>
AuthorDate: 2020-10-29 22:09:13 +0000
Commit: David Seifert <soap@gentoo.org>
CommitDate: 2020-10-29 22:09:13 +0000

net-analyzer/wireshark: Version bump to 3.4.0

Bug: https://bugs.gentoo.org/750692
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: David Seifert <soap@gentoo.org>

net-analyzer/wireshark/Manifest | 1 +
net-analyzer/wireshark/wireshark-3.4.0.ebuild | 259 ++++++++++++++++++++++++++
2 files changed, 260 insertions(+)

Sanity check failed:
> net-analyzer/wireshark-3.4.0
> depend arm64 stable profile default/linux/arm64/17.0 (9 total)
> media-libs/bcg729
> rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
> media-libs/bcg729

arm64 done

arm done

amd64 stable

ppc64 stable

x86 done

all arches done

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

wnpa-sec-2020-15

Description: The GQUIC protocol dissector could crash.

Impact: It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

This issue was resolved and addressed in GLSA 202011-08 at https://security.gentoo.org/glsa/202011-08 by GLSA coordinator Sam James (sam_c).

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf1f049003feaf74580f26c50ad6a91c35056d8e

commit cf1f049003feaf74580f26c50ad6a91c35056d8e
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-11-16 06:10:41 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-11-16 06:10:41 +0000

net-analyzer/wireshark: security cleanup

Bug: https://bugs.gentoo.org/750692
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Sam James <sam@gentoo.org>

net-analyzer/wireshark/Manifest | 1 -
.../files/wireshark-2.4-androiddump.patch | 27 ---
.../files/wireshark-2.9.0-tfshark-libm.patch | 10 -
.../wireshark-99999999-androiddump-wsutil.patch | 19 --
.../wireshark/files/wireshark-99999999-qtsvg.patch | 10 -
net-analyzer/wireshark/wireshark-3.2.7-r1.ebuild | 256 ---------------------
6 files changed, 323 deletions(-)