The 1.4 advisory at $URL is not available yet, but the 1.2 advisory at http://www.wireshark.org/security/wnpa-sec-2011-09.html shows:
Name: Lucent/Ascend file parser vulnerability in Wireshark® version 1.2.0 to 1.2.17
Date: May 31, 2011
Versions affected: 1.2.0 up to and including 1.2.17
Related: wnpa-sec-2011-11 (Lucent/Ascend file parser vulnerability in Wireshark® version 1.6.0); wnpa-sec-2011-10 (Lucent/Ascend file parser vulnerability in Wireshark® version 1.4.0 to 1.4.7)
Wireshark 1.2.18 fixes the following vulnerability:
* The Lucent/Ascend file parser was susceptible to an infinite loop. Versions affected: 1.2.0 to 1.2.17, 1.4.0 to 1.4.7, and 1.6.0. CVE-2011-2597
It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
Upgrade to Wireshark 1.2.18 or later. It is not possible to work around this bug.
The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.
Thank you Tim. Should be fixed in 1.4.8:
Arch teams, please, stabilize wireshark-1.4.8.
emerge pass, launch pass.
x86 done. Thanks
amd64 done. Thanks Elijah
Stable for HPPA.
Thanks, Peter, folks. GLSA Vote: no.
This issue was resolved and addressed in
GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).