Well, this is only one of them.....
here is the complete list with fixes...I'm preparing some debdiffs from dapper to feisty. gutsy is clean.
* SECURITY UPDATE: wireshark has several vulnerabilities:
  + CVE-2007-3389: Wireshark before 0.99.6 allows remote attackers to cause
    a denial of service (crash) via a crafted chunked encoding in an HTTP
    response, possibly related to a zero-length payload.
  + CVE-2007-3390: Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running
    on certain systems, allows remote attackers to cause a denial of service
    (crash) via crafted iSeries capture files that trigger a SIGTRAP.
  + CVE-2007-3392: Wireshark before 0.99.6 allows remote attackers to cause
    a denial of service via malformed (1) SSL or (2) MMS packets that trigger an
    infinite loop.
  + CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark
    before 0.99.6 allows remote attackers to cause a denial of service (crash) via
    crafted DHCP-over-DOCSIS packets.
* debian/patches/12_secu_0.99.6_r21034.dpatch:
  - applied patch from upstream
    (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-http.c?view=log&pathrev=21034)
* debian/patches/12_secu_0.99.6_r20990.dpatch:
  - applied patch from upstream
    (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/wiretap/iseries.c?r1=19814&r2=20990&pathrev=20990)
* debian/patches/12_secu_0.99.6_r21392.dpatch,
  12_secu_0.99.6_r21665.dpatch:
  - applied patches from upstream
    (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-ssl.c?r1=21650&r2=21665&pathrev=21665&view=patch)
    (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-mms.c?r1=21088&r2=21392&pathrev=21392&view=patch)
* debian/patches/12_secu_0.99.6_r21947.dpatch:
  - applied patch from upstream
    (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-bootp.c?r1=21924&r2=21947&pathrev=21947&view=patch)
* References:
  CVE-2007-3389
  http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1394
  CVE-2007-3390
  http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1415
  CVE-2007-3392
  http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1342
  http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582
  CVE-2007-3393
  http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1416