http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html http://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html
Arch teams, please test and mark stable: =net-analyzer/wireshark-1.6.15 =net-analyzer/wireshark-1.8.7 Stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
amd64 stable
(In reply to comment #2) > amd64 stable The other half, too, please.
Stable for HPPA.
x86 stable
ppc stable
sparc stable
alpha stable
ia64 stable
ppc64 stable
SPARC still needs to stabilise 1.6.15.
CVE-2013-3562 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3562): Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3561): Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. CVE-2013-3560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3560): The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3559 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559): epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. CVE-2013-3558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558): The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3557 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557): The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3556 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556): The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3555 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555): epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Adding to existing GLSA draft
This issue was resolved and addressed in GLSA 201308-05 at http://security.gentoo.org/glsa/glsa-201308-05.xml by GLSA coordinator Sergey Popov (pinkbyte).
