Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 615462 (CVE-2017-7700, CVE-2017-7701, CVE-2017-7702, CVE-2017-7703, CVE-2017-7704, CVE-2017-7705) - <net-analyzer/wireshark-2.2.6: multiple vulnerabilities
Summary: <net-analyzer/wireshark-2.2.6: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-7700, CVE-2017-7701, CVE-2017-7702, CVE-2017-7703, CVE-2017-7704, CVE-2017-7705
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://www.wireshark.org/lists/wires...
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-13 16:51 UTC by Jeroen Roovers
Modified: 2017-08-09 01:59 UTC (History)
1 user (show)

See Also:
Package list:
=net-analyzer/wireshark-2.2.6
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers gentoo-dev 2017-04-13 16:51:07 UTC
The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2017-12
       IMAP dissector crash ([2]Bug 13466) [3]CVE-2017-7703
     * [4]wnpa-sec-2017-13
       WBMXL dissector infinite loop ([5]Bug 13477) [6]CVE-2017-7702
     * [7]wnpa-sec-2017-14
       NetScaler file parser infinite loop ([8]Bug 13478) [9]CVE-2017-7700
     * [10]wnpa-sec-2017-15
       RPCoRDMA dissector infinite loop ([11]Bug 13558) [12]CVE-2017-7705
     * [13]wnpa-sec-2017-16
       BGP dissector infinite loop ([14]Bug 13557) [15]CVE-2017-7701
     * [16]wnpa-sec-2017-17
       DOF dissector infinite loop ([17]Bug 13453) [18]CVE-2017-7704
     * [19]wnpa-sec-2017-18
       PacketBB dissector crash ([20]Bug 13559)
     * [21]wnpa-sec-2017-19
       SLSK dissector long loop ([22]Bug 13576)
     * [23]wnpa-sec-2017-20
       SIGCOMP dissector infinite loop ([24]Bug 13578)
     * [25]wnpa-sec-2017-21
       WSP dissector infinite loop ([26]Bug 13581)
Comment 1 Jeroen Roovers gentoo-dev 2017-04-13 17:08:20 UTC
Arch teams, please test and mark stable:
=net-analyzer/wireshark-2.2.6
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 2 Jeroen Roovers gentoo-dev 2017-04-15 08:54:45 UTC
Stable for HPPA.
Comment 3 Michael Weber (RETIRED) gentoo-dev 2017-04-18 06:42:50 UTC
arm ppc stable
Comment 4 Michael Weber (RETIRED) gentoo-dev 2017-05-13 22:49:05 UTC
ppc64 stable.
Comment 5 Jeroen Roovers gentoo-dev 2017-05-18 08:11:21 UTC
Stable for AMD64 x86.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2017-05-21 07:15:17 UTC
Arches, can we please complete stabilization, tis is past due.
Comment 7 Tobias Klausmann gentoo-dev 2017-05-21 18:15:37 UTC
Stable on alpha.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev Security 2017-05-22 01:50:29 UTC
Added to an existing GLSA Request.

Please finish up stabilization for sparc and ia64.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 19:50:33 UTC
This issue was resolved and addressed in
 GLSA 201706-12 at https://security.gentoo.org/glsa/201706-12
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 10 Thomas Deutschmann gentoo-dev Security 2017-06-11 13:21:32 UTC
Superseded by bug 620858.
Comment 11 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-08-09 01:59:30 UTC
GLSA was released for this already.  Cleanup will happen in the latest bug.