Bug 672216 (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625, CVE-2018-19626, CVE-2018-19627, CVE-2018-19628) - <net-analyzer/wireshark-2.6.5: multiple vulnerabilities
Summary: <net-analyzer/wireshark-2.6.5: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625, CVE-2018-19626, CVE-2018-19627, CVE-2018-19628
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.wireshark.org/docs/relnot...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2019-9208, CVE-2019-9209
Blocks:
Reported: 2018-11-29 05:52 UTC by Jeroen Roovers
Modified: 2019-03-20 13:57 UTC
Description Jeroen Roovers gentoo-dev 2018-11-29 05:52:29 UTC
Bug Fixes
The following vulnerabilities have been fixed:

wnpa-sec-2018-51 The Wireshark dissection engine could crash. Bug 14466. CVE-2018-19625.

wnpa-sec-2018-52 The DCOM dissector could crash. Bug 15130. CVE-2018-19626.

wnpa-sec-2018-53 The LBMPDM dissector could crash. Bug 15132. CVE-2018-19623.

wnpa-sec-2018-54 The MMSE dissector could go into an infinite loop. Bug 15250. CVE-2018-19622.

wnpa-sec-2018-55 The IxVeriWave file parser could crash. Bug 15279. CVE-2018-19627.

wnpa-sec-2018-56 The PVFS dissector could crash. Bug 15280. CVE-2018-19624.

wnpa-sec-2018-57 The ZigBee ZCL dissector could crash. Bug 15281. CVE-2018-19628.
Comment 1 Jeroen Roovers gentoo-dev 2018-11-29 22:31:16 UTC
Pls stop changing the obvious vectors and doing your users a disservice. We know which versions are vulnerable because I told everyone in the Summary. Now you make me tell users again.
Comment 2 Jeroen Roovers gentoo-dev 2018-11-29 22:33:02 UTC
So basically, if rewriting history is your thing, security team, then you're on the wrong path.
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-11-30 02:28:25 UTC
(In reply to Jeroen Roovers from comment #2)
> So basically, if rewriting history is your thing, security team, then you're
> on the wrong path.

The ebuild was not in the tree at the time I changed the summary. This is the policy of the security team to not have a version without the ebuild in the tree. 

So, next time change the bug after the ebuild has been pushed.