Summary: | <net-analyzer/wireshark-3.4.1: Multiple vulnerabilities (CVE-2020-{26418,26419,26420,26421}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | bman, sam, zlogene |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 760800 | ||
Bug Blocks: |
Description
Sam James
2020-12-12 03:26:14 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dcfcf95c3cba1fc240793c5fc5ae479513587943 commit dcfcf95c3cba1fc240793c5fc5ae479513587943 Author: Sam James <sam@gentoo.org> AuthorDate: 2020-12-15 03:37:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-12-15 03:37:05 +0000 net-analyzer/wireshark: bump to 3.4.1 Bug: https://bugs.gentoo.org/759541 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 1 + net-analyzer/wireshark/wireshark-3.4.1.ebuild | 259 ++++++++++++++++++++++++++ 2 files changed, 260 insertions(+) * CVE-2020-26420 Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. URL: https://gitlab.com/wireshark/wireshark/-/issues/16994 amd64 done arm64 done arm done Resetting sanity check; keywords are not fully specified and arches are not CC-ed. Unable to check for sanity:
> no match for package: net-analyzer/wireshark-3.4.1
This issue was resolved and addressed in GLSA 202101-12 at https://security.gentoo.org/glsa/202101-12 by GLSA coordinator Aaron Bauman (b-man). |