Bug Fixes

The following vulnerabilities have been fixed:

• wnpa-sec-2020-01[1] WASSP dissector crash. Bug 16324[2]. CVE-2020-7044[3].

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5a931c14349615d2b3ab2a3f38f0c4ece961da7

commit a5a931c14349615d2b3ab2a3f38f0c4ece961da7
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2020-01-15 21:10:43 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2020-01-15 21:11:27 +0000

    net-analyzer/wireshark: Version 3.2.1

    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Bug: https://bugs.gentoo.org/705506
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/wireshark/Manifest | 1 +
 net-analyzer/wireshark/wireshark-3.2.1.ebuild | 247 ++++++++++++++++++++++++++
 2 files changed, 248 insertions(+)
amd64 stable
ppc64 stable
x86 stable
ia64 stable
arm stable
hppa stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be88776872a669651fdd99855943d590212a57d3

commit be88776872a669651fdd99855943d590212a57d3
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2020-02-04 11:08:11 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2020-02-04 11:08:48 +0000

    net-analyzer/wireshark: Old

    Package-Manager: Portage-2.3.87, Repoman-2.3.20
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=705506
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-analyzer/wireshark/Manifest | 2 -
 net-analyzer/wireshark/metadata.xml | 1 -
 net-analyzer/wireshark/wireshark-3.0.3.ebuild | 245 --------------------------
 net-analyzer/wireshark/wireshark-3.0.7.ebuild | 245 --------------------------
 4 files changed, 493 deletions(-)
Tree is clean.
GLSA Vote: No

Repository is clean, all done!

CVE-2020-7045 (https://nvd.nist.gov/vuln/detail/CVE-2020-7045):
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.

CVE-2020-7044 (https://nvd.nist.gov/vuln/detail/CVE-2020-7044):
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.