Comment 3 for bug 1687344

This bug was fixed in the package wireshark - 2.4.0-1

---------------
wireshark (2.4.0-1) unstable; urgency=medium

  * Use debconf messages instead of "echo" in postinst/postrm (LP: #1687344)
  * New upstream release
    - release notes:
      https://www.wireshark.org/docs/relnotes/wireshark-2.4.0.html
    - security fixes:
      - deeply nested DAAP data may cause stack exhaustion
        (uncontrolled recursion) in the dissect_daap_one_tag function
        (CVE-2017-9617) (Closes: #870174)
      - PROFINET IO data with a high recursion depth allows remote
        attackers to cause a denial of service (stack exhaustion)
        in the dissect_IODWriteReq function. (CVE-2017-9766)
        (Closes: #870175)
      - the DOCSIS dissector could go into an infinite loop (CVE-2017-11406)
        (Closes: #870172)
      - the MQ dissector could crash (CVE-2017-11407) (Closes: #870172)
      - the AMQP dissector could crash (CVE-2017-11408) (Closes: #870172)
      - the WBXML dissector could go into an infinite loop, triggered
        by packet injection or a malformed capture file (CVE-2017-11410)
        (Closes: #870180)
      - the openSAFETY dissector could crash or exhaust system memory
        (CVE-2017-11411) (Closes: #870179)
  * Update shared library package names to match new .so versions
  * Refresh patches
  * Drop workaround to use system's nghttp2 since upstream does not
    ship the embedded copy anymore
  * Add build-dependency on libparse-yapp-perl, liblz4-dev, libsnappy-dev,
    libspandsp-dev, libxml2-dev and lynx to enable new upstream features
  * Update PO files about debconf templates

 -- Balint Reczey <email address hidden> Sun, 06 Aug 2017 13:22:45 -0400