Summary: | net-analyzer/ethereal 0.10.10 fixes security vulnerabilities
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Status: | RESOLVED FIXED
Severity: | major
Priority: | High
Version: | unspecified
Hardware: | All
OS: | All
Reporter: | Thierry Carrez (RETIRED) <koon>
Assignee: | Gentoo Security <security>
CC: | dragonheart, ka0ttic
Whiteboard: | B1? [glsa] jaervosz
Package list: |
Runtime testing required: | ---

Description
Thierry Carrez (RETIRED)
2005-03-08 13:35:21 UTC
CCing eldad and dragonheart as recent version bumpers. This is still confidential, official release of 0.10.10 is Thursday at 3:00PM CST (21:00 UTC). Will one of you be around to check and commit the new version then?

eldad is away until April -> uncc'ing.

CVE ids assigned: CAN-2005-0704 (Etheric), CAN-2005-0705 (GPRS-LLC), CAN-2005-0699 (3GPP2 A11)

Another issue popped up so the release date is changed to: March 11 17:00 GMT. The IAPP dissector is vulnerable to a buffer overflow. Versions affected: 0.9.1 to 0.9.9

Daniel, I've stayed up long enough waiting... gotta get some sleep. Good news is I've done all the work for ya (working from a svn snapshot of the 0.10.10 branch from about an hour or two ago). The only patch in the previous ebuild is no longer required. Modified ebuild is attached.

Created attachment 53190: ethereal-0.10.10.ebuild

*sigh* never mind. Got the announcement in my mailbox right after I pressed "Commit". Going to build with the official tarball and make sure everything is still ok.

In CVS, stable on x86. Will the CC'd archs please mark stable?

stable on amd64

Stable on alpha.

Stable on ppc.

stable on ppc64

sparc done.

GLSA 200503-16

ia64, please mark stable to benefit from GLSA.