Comment 2 for bug 360661

2009/4/14 Launchpad Bug Tracker <email address hidden>

> *** This bug is a security vulnerability ***
>
> You have been subscribed to a public security bug by Hew McLachlan (hew):
>
> Binary package hint: wireshark
>
> this version fixes a few security issues, including an arbitrary code
> execution and denial of service vulnerabilities. please upgrade.
> changelog: http://www.wireshark.org/docs/relnotes/wireshark-1.0.7.html.
>
> wireshark (1.0.7-1) unstable; urgency=low
>
> * New upstream release 1.0.7
> - release notes:
> http://www.wireshark.org/docs/relnotes/wireshark-1.0.7.html
> - security fixes:
> - The PROFINET dissector was vulnerable to a format string
> overflow. (CVE-2009-1210)
> - The LDAP dissector could crash on Windows. (CVE-2009-1267)
> - The Check Point High-Availability Protocol (CPHAP) dissector
> could crash. (CVE-2009-1268)
> - Wireshark could crash while loading a Tektronix .rf5 file
> (CVE-2009-1269)
> * update standards-version to 3.8.1
> * add 21_dumpcap.dpatch with patch from Rob Leslie <email address hidden>
> that should avoid dumpcap seeing stop on CTRL-C as an error
> (Closes: #518435)
>
> -- Joost Yervante Damad <email address hidden> Sat, 11 Apr 2009 10:06:45
> +0200
>
> Ubuntu changes to be merged:
> - replace gksu with menu in Recommends
> - Add debian/README.source.
>
> ** Affects: wireshark (Ubuntu)
> Importance: Undecided
> Status: New
>
>
> ** Tags: upgrade
> --
> Please merge wireshark 1.0.7-1 (universe) from Debian unstable (main)
> https://bugs.edge.launchpad.net/bugs/360661
> You received this bug notification because you are a member of MOTU Release
> Team, which is a direct subscriber.
>

1516.18 <iulian> Hew: It looks like there are no new features, so it's a bug
fix release with a lot of security fixes. I'll acknowledge it. Would you
like to take care of the merge?

If yes, I will sponsor it.

--
Iulian Udrea
<email address hidden>