Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 652402 - <net-analyzer/wireshark-2.4.6 multiple vulnerabilities
Summary: <net-analyzer/wireshark-2.4.6 multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.wireshark.org/lists/wires...
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 635686
Blocks:
  Show dependency tree
 
Reported: 2018-04-04 10:50 UTC by Jeroen Roovers (RETIRED)
Modified: 2018-10-12 07:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2018-04-04 10:50:05 UTC
The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2018-15
       The MP4 dissector could crash. ([2]Bug 13777)
     * [3]wnpa-sec-2018-16
       The ADB dissector could crash. ([4]Bug 14460)
     * [5]wnpa-sec-2018-17
       The IEEE 802.15.4 dissector could crash. ([6]Bug 14468)
     * [7]wnpa-sec-2018-18
       The NBAP dissector could crash. ([8]Bug 14471)
     * [9]wnpa-sec-2018-19
       The VLAN dissector could crash. ([10]Bug 14469)
     * [11]wnpa-sec-2018-20
       The LWAPP dissector could crash. ([12]Bug 14467)
     * [13]wnpa-sec-2018-21
       The TCP dissector could crash. ([14]Bug 14472)
     * [15]wnpa-sec-2018-22
       The CQL dissector could to into an infinite loop. ([16]Bug 14530)
     * [17]wnpa-sec-2018-23
       The Kerberos dissector could crash. ([18]Bug 14576)
     * [19]wnpa-sec-2018-24
       Multiple dissectors and other modules could leak memory. The TN3270
       ([20]Bug 14480), ISUP ([21]Bug 14481), LAPD ([22]Bug 14482), SMB2
       ([23]Bug 14483), GIOP ([24]Bug 14484), ASN.1 ([25]Bug 14485), MIME
       multipart ([26]Bug 14486), H.223 ([27]Bug 14487), and PCP ([28]Bug
       14488) dissectors were susceptible along with Wireshark and TShark
       ([29]Bug 14489).
Comment 1 Stabilization helper bot gentoo-dev 2018-04-04 11:01:07 UTC
An automated check of this bug failed - repoman reported dependency errors (23 lines truncated): 

> dependency.bad net-analyzer/wireshark/wireshark-2.4.6.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['media-libs/spandsp']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.6.ebuild: RDEPEND: alpha(default/linux/alpha/13.0) ['media-libs/spandsp']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.6.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['media-libs/spandsp']
Comment 2 Stabilization helper bot gentoo-dev 2018-04-05 13:01:24 UTC
An automated check of this bug failed - repoman reported dependency errors (13 lines truncated): 

> dependency.bad net-analyzer/wireshark/wireshark-2.4.6.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['media-libs/spandsp']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.6.ebuild: RDEPEND: alpha(default/linux/alpha/13.0) ['media-libs/spandsp']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.6.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['media-libs/spandsp']
Comment 3 Sergei Trofimovich gentoo-dev 2018-04-08 15:42:31 UTC
commit 52371857a104510b70bd1a1e6412b2f4ab3a2381
Author: Jeroen Roovers <jer@gentoo.org>
Date:   Thu Apr 5 11:31:10 2018 +0200

    net-analyzer/wireshark: Stable for AMD64 HPPA x86 too.
Comment 4 Tobias Klausmann gentoo-dev 2018-04-10 11:33:46 UTC
Stable on alpha.
Comment 5 Markus Meier gentoo-dev 2018-04-14 11:39:52 UTC
arm stable
Comment 6 Larry the Git Cow gentoo-dev 2018-04-16 21:03:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6d7bd0fd10c88b36e89103b7eee59a95a033ec6

commit a6d7bd0fd10c88b36e89103b7eee59a95a033ec6
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-16 20:56:04 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-16 21:03:00 +0000

    net-analyzer/wireshark: stable 2.4.6 for ia64, bug #652402
    
    Bug: https://bugs.gentoo.org/652402
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 net-analyzer/wireshark/wireshark-2.4.6.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 7 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-06-11 15:01:11 UTC
superseded by 2.6.1 call for stable