wireshark 0.99.4 has security vulnerabilities (upgrade to wireshark 0.99.5)

Bug #86908 reported by Matti Lindell on 2007-02-22
258
Affects Status Importance Assigned to Milestone
wireshark (Ubuntu)
Undecided
Unassigned
Edgy
Undecided
Unassigned
Feisty
Undecided
Unassigned

Bug Description

Binary package hint: wireshark

upstream has released wireshark 0.99.5 which addresses several security vulnerabilities.
Consider upgrading this for Feisty.

http://www.wireshark.org/security/wnpa-sec-2007-01.html

Kees Cook (kees) wrote :

Feisty's 0.99.4-4 already has these CVEs corrected via backports. See:
http://packages.debian.org/changelogs/pool/main/w/wireshark/current/changelog

Anyone interested in backporting the fixes to edgy?

Changed in wireshark:
status: Unconfirmed → Confirmed
status: Unconfirmed → Rejected
Michael Bienia (geser) wrote :

According to the last Debian upload wireshark 0.99.4-4 contains these patches but they aren't included in the patch list. This is fixed in wireshark 0.99.4-5 for which I filed a sync request (bug #88021).

Changed in wireshark:
status: Rejected → In Progress
Kees Cook (kees) on 2007-02-26
Changed in wireshark:
status: In Progress → Rejected
Michael Bienia (geser) wrote :

Fixed now in feisty (feisty has now wireshark 0.99.4-5).

Kees Cook (kees) on 2007-03-06
Changed in wireshark:
status: Rejected → Fix Released
William Grant (wgrant) wrote :

Looking at the the Debian changelog, the entire diff of 0.99.4-4 was the backporting of those security fixes. Merging the entirety of that diff into Edgy's current version is likely to be the best course of action.

William Grant (wgrant) wrote :

0.99.5 is in Gutsy.

Changed in wireshark:
status: Unconfirmed → Fix Released
Stephan Rügamer (sruegamer) wrote :

All CVEs mentioned here are not affecting feisty version.
They are already fixed in the 0.99.4 debian version

The patches are:
 12_secu_0.99.5_r19859.dpatch
12_secu_0.99.5_r19899.dpatch
 12_secu_0.99.5_r20007.dpatch
 12_secu_0.99.5_r20126.dpatch

Stephan Rügamer (sruegamer) wrote :

Please see #132915 for the fixes.

William Grant (wgrant) wrote :

Edgy is EOL.

Changed in wireshark:
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers