CVE-2024-0208 (https://www.wireshark.org/security/wnpa-sec-2024-01.html): GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVE-2024-0209 (https://www.wireshark.org/security/wnpa-sec-2024-02.html): IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0050375f3b5870a1db7ac065f3a3395e043d748e commit 0050375f3b5870a1db7ac065f3a3395e043d748e Author: Christopher Fore <csfore@posteo.net> AuthorDate: 2024-04-04 01:28:01 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-04-04 02:27:02 +0000 net-analyzer/wireshark: add 4.0.14, 4.2.4, drop 4.1.0 - 4.0.14 security bump, also add 4.2.4 - New USE flag for 4.2.x, http3 - Unkeyword 4.2.4 to match net-libs/http3 - Drop 4.1.0 since it was a dev release Bug: https://bugs.gentoo.org/921528 Signed-off-by: Christopher Fore <csfore@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/34685 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/wireshark/Manifest | 6 +- net-analyzer/wireshark/metadata.xml | 1 + net-analyzer/wireshark/wireshark-4.0.14.ebuild | 344 +++++++++++++++++++++ ...reshark-4.1.0.ebuild => wireshark-4.2.4.ebuild} | 11 +- 4 files changed, 355 insertions(+), 7 deletions(-)
