Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 702028 (CVE-2019-19553) - <net-analyzer/wireshark-3.0.7: CMS dissector crash (CVE-2019-19553)
Summary: <net-analyzer/wireshark-3.0.7: CMS dissector crash (CVE-2019-19553)
Status: RESOLVED FIXED
Alias: CVE-2019-19553
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.wireshark.org/lists/wires...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-05 09:17 UTC by Jeroen Roovers (RETIRED)
Modified: 2020-04-26 02:23 UTC (History)
1 user (show)

See Also:
Package list:
=net-analyzer/wireshark-3.0.7
Runtime testing required: ---
nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2019-12-05 09:17:18 UTC 
The following vulnerabilities have been fixed:

wnpa-sec-2019-22[1] CMS dissector crash. Bug 15961[2].
       CVE-2019-19553[3].
Comment 1 Larry the Git Cow gentoo-dev 2019-12-05 09:17:53 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d37b7f0a2809d12f275798e7ec4b73f8c6d8005b

commit d37b7f0a2809d12f275798e7ec4b73f8c6d8005b
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-12-05 09:15:18 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-12-05 09:17:49 +0000

    net-analyzer/wireshark: Version 3.0.7
    
    Package-Manager: Portage-2.3.80, Repoman-2.3.19
    Bug: https://bugs.gentoo.org/702028
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 +
 net-analyzer/wireshark/wireshark-3.0.7.ebuild | 245 ++++++++++++++++++++++++++
 2 files changed, 246 insertions(+)
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2019-12-08 22:10:18 UTC 
commit b43d958e694a98325ae0600f83248e0436688734
Author: Jeroen Roovers <jer@gentoo.org>
Date:   Thu Dec 5 22:34:33 2019 +0100

    net-analyzer/wireshark: Stable for amd64 hppa x86 too
Comment 3 Agostino Sarubbo gentoo-dev 2019-12-09 12:10:52 UTC 
ppc64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-12-10 09:45:01 UTC 
ia64 stable
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-12-23 09:27:22 UTC 
arm stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-18 17:55:11 UTC 
Tree is now clean.
Comment 7 NATTkA bot gentoo-dev 2020-04-06 15:00:35 UTC 
Unable to check for sanity:

> no match for package: =net-analyzer/wireshark-3.0.7
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2020-04-26 02:23:28 UTC 
GLSA Vote: No

Thank you all for you work. 
Closing as [noglsa].