The following vulnerabilities have been fixed:
Multiple dissectors could crash. (Bug 14253) CVE-2018-5336
The IxVeriWave file parser could crash. (Bug 14297)
The WCP dissector could crash. (Bug 14251) CVE-2018-5335
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP,
and GDB dissectors could crash. This was addressed in epan/tvbparse.c by
limiting the recursion depth.
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could
crash. This was addressed in epan/dissectors/packet-wcp.c by validating the
available buffer length.
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser
could crash. This was addressed in wiretap/vwr.c by correcting the signature
timestamp bounds checks.
@ Maintainer(s): Can we already stabilize =net-analyzer/wireshark-2.4.4?
2.4.4 contains the fix, but targeting 2.4.5.
@arches, please stabilize.
arm stable, all arches done.
No vulnerable ebuilds left.
GLSA Vote: No
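
The recursion-depth limit described above for epan/tvbparse.c, shown on a small recursive-descent parser. This is an added example, not Wireshark's code: the bracket-list format, MAX_DEPTH value, and all function names are hypothetical. Each nested list costs one stack frame, so the depth check turns attacker-controlled nesting into a parse error instead of stack exhaustion.

```c
#include <stddef.h>
#include <string.h>
#define MAX_DEPTH 100  /* hypothetical cap; the limit Wireshark chose is not on this page */
enum parse_status { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_DEEP = -2 };

/* Parse one value at *pos: a bare token, or a bracketed comma-separated
 * list of values. Every nested list adds one level of recursion. */
static enum parse_status parse_value(const char *buf, size_t len,
                                     size_t *pos, unsigned depth)
{
    if (depth > MAX_DEPTH) return PARSE_TOO_DEEP;  /* refuse before the stack runs out */
    if (*pos >= len) return PARSE_MALFORMED;
    if (buf[*pos] != '[') {                        /* scalar: consume up to a delimiter */
        size_t start = *pos;
        while (*pos < len && buf[*pos] != '[' && buf[*pos] != ']' && buf[*pos] != ',')
            (*pos)++;
        return *pos > start ? PARSE_OK : PARSE_MALFORMED;
    }
    (*pos)++;                                      /* consume '[' */
    if (*pos < len && buf[*pos] == ']') {          /* empty list */
        (*pos)++;
        return PARSE_OK;
    }
    for (;;) {
        enum parse_status st = parse_value(buf, len, pos, depth + 1);
        if (st != PARSE_OK) return st;             /* propagate depth/format errors */
        if (*pos >= len || (buf[*pos] != ']' && buf[*pos] != ','))
            return PARSE_MALFORMED;
        if (buf[(*pos)++] == ']') return PARSE_OK; /* ',' loops for the next element */
    }
}

/* Entry point: the whole buffer must be exactly one value. */
enum parse_status parse_document(const char *buf, size_t len)
{
    size_t pos = 0;
    enum parse_status st = parse_value(buf, len, &pos, 0);
    return (st == PARSE_OK && pos != len) ? PARSE_MALFORMED : st;
}

/* Constructed input: n opening brackets followed by n closing brackets. */
enum parse_status parse_nested(size_t n)
{
    char buf[512];
    if (n > sizeof buf / 2) return PARSE_MALFORMED;
    memset(buf, '[', n);
    memset(buf + n, ']', n);
    return parse_document(buf, 2 * n);
}
```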