http://www.wireshark.org/
Several security-related vulnerabilities have been fixed.
Reproducible: Always
New version is in the tree. Arch teams, please, stabilize. Target keywords: wireshark-1.0.1: alpha amd64 hppa ia64 ppc ppc64 sparc x86
alpha/ia64/sparc/x86 stable
Stable for HPPA.
ppc stable
ppc64 done
dodoc: READMEbsd does not exist
dodoc: READMElinux does not exist
dodoc: READMEmacos does not exist
dodoc: READMEvmware does not exist
amd64 stable, all arches done.
GLSA vote here... same as 215276, DoS but we already issued GLSAs for this... so voting YES.
CVE-2008-3137: The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

CVE-2008-3138: The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.

CVE-2008-3139: The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.

CVE-2008-3140: The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."

CVE-2008-3141: Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
YES too, filing request.
GLSA 200808-04