* CVE-2020-26421 Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. URL: https://www.wireshark.org/security/wnpa-sec-2020-17.html * CVE-2020-26419 Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. URL: https://www.wireshark.org/security/wnpa-sec-2020-19.html * CVE-2020-26418 Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. URL: https://www.wireshark.org/security/wnpa-sec-2020-16.html
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dcfcf95c3cba1fc240793c5fc5ae479513587943 commit dcfcf95c3cba1fc240793c5fc5ae479513587943 Author: Sam James <sam@gentoo.org> AuthorDate: 2020-12-15 03:37:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-12-15 03:37:05 +0000 net-analyzer/wireshark: bump to 3.4.1 Bug: https://bugs.gentoo.org/759541 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 1 + net-analyzer/wireshark/wireshark-3.4.1.ebuild | 259 ++++++++++++++++++++++++++ 2 files changed, 260 insertions(+)
* CVE-2020-26420 Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. URL: https://gitlab.com/wireshark/wireshark/-/issues/16994
amd64 done
arm64 done
arm done
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Unable to check for sanity: > no match for package: net-analyzer/wireshark-3.4.1
This issue was resolved and addressed in GLSA 202101-12 at https://security.gentoo.org/glsa/202101-12 by GLSA coordinator Aaron Bauman (b-man).