* Use debconf messages instead of "echo" in postinst/postrm (LP: #1687344)
* New upstream release
- release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.0.html
- security fixes:
- deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function (CVE-2017-9617) (Closes: #870174)
- PROFINET IO data with a high recursion depth allows remote
attackers to cause a denial of service (stack exhaustion)
in the dissect_IODWriteReq function. (CVE-2017-9766)
(Closes: #870175)
- the DOCSIS dissector could go into an infinite loop (CVE-2017-11406)
(Closes: #870172)
- the MQ dissector could crash (CVE-2017-11407) (Closes: #870172)
- the AMQP dissector could crash (CVE-2017-11408) (Closes: #870172)
- the WBXML dissector could go into an infinite loop, triggered
by packet injection or a malformed capture file (CVE-2017-11410)
(Closes: #870180)
- the openSAFETY dissector could crash or exhaust system memory (CVE-2017-11411) (Closes: #870179)
* Update shared library package names to match new .so versions
* Refresh patches
* Drop workaround to use system's nghttp2 since upstream does not
ship the embedded copy anymore
* Add build-dependency on libparse-yapp-perl, liblz4-dev, libsnappy-dev,
libspandsp-dev, libxml2-dev and lynx to enable new upstream features
* Update PO files about debconf templates
This bug was fixed in the package wireshark - 2.4.0-1
---------------
wireshark (2.4.0-1) unstable; urgency=medium
* Use debconf messages instead of "echo" in postinst/postrm (LP: #1687344) /www.wireshark. org/docs/ relnotes/ wireshark- 2.4.0.html
(uncontrolled recursion) in the dissect_ daap_one_ tag function
(CVE-2017- 9617) (Closes: #870174)
(CVE-2017- 11411) (Closes: #870179)
* New upstream release
- release notes:
https:/
- security fixes:
- deeply nested DAAP data may cause stack exhaustion
- PROFINET IO data with a high recursion depth allows remote
attackers to cause a denial of service (stack exhaustion)
in the dissect_IODWriteReq function. (CVE-2017-9766)
(Closes: #870175)
- the DOCSIS dissector could go into an infinite loop (CVE-2017-11406)
(Closes: #870172)
- the MQ dissector could crash (CVE-2017-11407) (Closes: #870172)
- the AMQP dissector could crash (CVE-2017-11408) (Closes: #870172)
- the WBXML dissector could go into an infinite loop, triggered
by packet injection or a malformed capture file (CVE-2017-11410)
(Closes: #870180)
- the openSAFETY dissector could crash or exhaust system memory
* Update shared library package names to match new .so versions
* Refresh patches
* Drop workaround to use system's nghttp2 since upstream does not
ship the embedded copy anymore
* Add build-dependency on libparse-yapp-perl, liblz4-dev, libsnappy-dev,
libspandsp-dev, libxml2-dev and lynx to enable new upstream features
* Update PO files about debconf templates
-- Balint Reczey <email address hidden> Sun, 06 Aug 2017 13:22:45 -0400