The 1.4 advisory at $URL is not available yet, but the 1.2 advisory at http://www.wireshark.org/security/wnpa-sec-2011-09.html shows:
Summary
  Name: Lucent/Ascend file parser vulnerability in Wireshark® version 1.2.0 to 1.2.17
  Docid: wnpa-sec-2011-09
  Date: May 31, 2011
  Versions affected: 1.2.0 up to and including 1.2.17
  Related:
    wnpa-sec-2011-11 (Lucent/Ascend file parser vulnerability in Wireshark® version 1.6.0)
    wnpa-sec-2011-10 (Lucent/Ascend file parser vulnerability in Wireshark® version 1.4.0 to 1.4.7)
Details
  Description
    Wireshark 1.2.18 fixes the following vulnerability:
    * The Lucent/Ascend file parser was susceptible to an infinite loop. Versions affected: 1.2.0 to 1.2.17, 1.4.0 to 1.4.7, and 1.6.0. CVE-2011-2597
  Impact
    It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
  Resolution
    Upgrade to Wireshark 1.2.18 or later. It is not possible to work around this bug.
CVE-2011-2597 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2597): The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.
Thank you, Tim. Should be fixed in 1.4.8: http://www.wireshark.org/security/wnpa-sec-2011-10.html. Arch teams, please stabilize wireshark-1.4.8.
amd64: emerge pass, launch pass.
x86 stable
x86 done. Thanks
ppc/ppc64 done
amd64 done. Thanks Elijah
Stable for HPPA.
alpha/ia64/sparc stable
Thanks, Peter, folks. GLSA Vote: no.
This issue was resolved and addressed in GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml by GLSA coordinator Alex Legler (a3li).