CVE-2017-17085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17085): In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
CVE-2017-17084 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17084): In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
CVE-2017-17083 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17083): In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
@Maintainers please call for stabilization when ready. Thank you
Sorry for the noise, but it was apparently forgotten to start the stabilization process for version 2.4.3? I have no issues with this new version:
[ebuild R ~] net-analyzer/wireshark-2.4.3:0/2.4.3::gentoo USE="androiddump capinfos caps captype dftest dumpcap editcap filecaps geoip lz4 mergecap netlink pcap qt5 randpkt randpktdump reordercap sharkd ssl text2pcap tshark udpdump zlib -adns -ciscodump -doc -doc-pdf -gtk -kerberos -libssh -libxml2 -lua -nghttp2 -portaudio -sbc (-selinux) -smi -snappy -spandsp -sshdump -tfshark" CPU_FLAGS_X86="sse4_2" 0 KiB
@ Arches, please test and mark stable: =net-analyzer/wireshark-2.4.3
x86 stable
ia64 stable
amd64 stable
ppc/ppc64 stable
arm stable
GLSA Vote: No
HPPA has a newer stable version. 2.2.x has been dekeyworded for all arches except alpha. Cleanup of that version will be tracked in a newer bug.