wireshark 0.99.4 has security vulnerabilities (upgrade to wireshark 0.99.5)

Bug #86908 reported by Matti Lindell
Affects             Status        Importance  Assigned to  Milestone
wireshark (Ubuntu)  Fix Released  Undecided   Unassigned
Edgy                Won't Fix     Undecided   Unassigned
Feisty              Fix Released  Undecided   Unassigned

Bug Description

Binary package hint: wireshark

Upstream has released wireshark 0.99.5, which addresses several security vulnerabilities.
Consider upgrading this for Feisty.

http://www.wireshark.org/security/wnpa-sec-2007-01.html

Tags: upgrade
Kees Cook (kees) wrote :

Feisty's 0.99.4-4 already has these CVEs corrected via backports. See:
http://packages.debian.org/changelogs/pool/main/w/wireshark/current/changelog

Anyone interested in backporting the fixes to edgy?

Changed in wireshark:
status: Unconfirmed → Confirmed
status: Unconfirmed → Rejected
Michael Bienia (geser) wrote :

According to the last Debian upload, wireshark 0.99.4-4 contains these patches, but they aren't included in the patch list. This is fixed in wireshark 0.99.4-5, for which I filed a sync request (bug #88021).

Changed in wireshark:
status: Rejected → In Progress
Kees Cook (kees)
Changed in wireshark:
status: In Progress → Rejected
Michael Bienia (geser) wrote :

Fixed now in Feisty (Feisty now has wireshark 0.99.4-5).

Kees Cook (kees)
Changed in wireshark:
status: Rejected → Fix Released
William Grant (wgrant) wrote :

Looking at the Debian changelog, the entire diff of 0.99.4-4 was the backporting of those security fixes. Merging the entirety of that diff into Edgy's current version is likely to be the best course of action.

William Grant (wgrant) wrote :

0.99.5 is in Gutsy.

Changed in wireshark:
status: Unconfirmed → Fix Released
Stephan Rügamer (sruegamer) wrote :

None of the CVEs mentioned here affect the Feisty version.
They are already fixed in the 0.99.4 Debian version.

The patches are:
 12_secu_0.99.5_r19859.dpatch
 12_secu_0.99.5_r19899.dpatch
 12_secu_0.99.5_r20007.dpatch
 12_secu_0.99.5_r20126.dpatch

Stephan Rügamer (sruegamer) wrote :

Please see #132915 for the fixes.

William Grant (wgrant) wrote :

Edgy is EOL.

Changed in wireshark:
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
