CVE-2017-9617 https://bugzilla.redhat.com/show_bug.cgi?id=1464050 In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. Upstream issue: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799 ---------------------------------------------------------------------------------- CVE-2017-9616 https://bugzilla.redhat.com/show_bug.cgi?id=1464048 In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. Upstream issue: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
CVE-2017-9766 https://bugzilla.redhat.com/show_bug.cgi?id=1464051 In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. Upstream issue: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
*** Bug 634700 has been marked as a duplicate of this bug. ***
There will be no GLSA. The tree is clean. Michael Boyle Gentoo Security Padawan