Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 824474 (CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929)

Summary: <net-analyzer/wireshark-3.4.10: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: bman, sam, zlogene
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 827866    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-18 08:42:31 UTC 
From https://www.wireshark.org/docs/relnotes/wireshark-3.4.10.html: 
```
    wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
    wnpa-sec-2021-08 Bluetooth HCI_ISO dissector crash. Issue 17649. CVE-2021-39926.
    wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
    wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
    wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684.
    wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
    wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
    wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
    wnpa-sec-2021-15 IPPUSB dissector crash. Issue 17705. CVE-2021-39920.
```
Comment 1 Larry the Git Cow gentoo-dev 2021-11-18 08:59:55 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87d6a9904b211382bff874f539e96268369f81ac

commit 87d6a9904b211382bff874f539e96268369f81ac
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-18 08:56:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-18 08:59:44 +0000

    net-analyzer/wireshark: add 3.4.10
    
    Now with tests! Restricted known-failing ones.
    
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   1 +
 net-analyzer/wireshark/wireshark-3.4.10.ebuild | 281 +++++++++++++++++++++++++
 net-analyzer/wireshark/wireshark-9999.ebuild   |   5 +-
 3 files changed, 285 insertions(+), 2 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2021-12-13 05:17:14 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06eb3e1a2d8234b725d8c8962c235a97cb65e9b1

commit 06eb3e1a2d8234b725d8c8962c235a97cb65e9b1
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-12-13 05:17:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-12-13 05:17:04 +0000

    net-analyzer/wireshark: drop 3.4.9
    
    Bug: https://bugs.gentoo.org/824474
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 -
 net-analyzer/wireshark/wireshark-3.4.9.ebuild | 280 --------------------------
 2 files changed, 281 deletions(-)