Debian Bug report logs - #396258
multiple wireshark security issues fixed in 0.99.4

Package: wireshark; Maintainer for wireshark is Balint Reczey <>; Source for wireshark is src:wireshark.

Reported by: Stefan Fritsch <>

Date: Mon, 30 Oct 2006 20:48:12 UTC

Severity: grave

Tags: security

Fixed in version wireshark/0.99.4-1

Done: Frederic Peters <>

Bug is archived. No further changes may be made.

Report forwarded to, Frederic Peters <>:
Bug#396258; Package wireshark. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <>:
New Bug report received and forwarded. Copy sent to Frederic Peters <>. Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Stefan Fritsch <>
Subject: multiple wireshark security issues fixed in 0.99.4
Date: Mon, 30 Oct 2006 21:35:57 +0100
package: wireshark
severity: grave
tags: security

Wireshark 0.99.4 fixes the following vulnerabilities: 

The HTTP dissector could crash.  (Bugs 1050 and 1079) 
Versions affected: 0.99.3. 

The LDAP dissector (and possibly others) could crash.  (Bug 1054) 
Versions affected: 0.99.3. 

The XOT dissector could attempt to allocate a large amount of memory    
and crash.  (Bug 1133) 
Versions affected: 0.9.8 to 0.99.3. 

The WBXML dissector could crash.  (Bug 1134) 
Versions affected: 0.10.11 to 0.99.3. 

The MIME Multipart dissector was susceptible to an off-by-one error.  
(Bug 1135) 
Versions affected: 0.10.1 to 0.99.3. 

If AirPcap support was enabled, parsing a WEP key could sometimes 
cause a crash.   
Versions affected: 0.99.3.

for details.

Reply sent to Frederic Peters <>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Stefan Fritsch <>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Frederic Peters <>
Subject: Bug#396258: fixed in wireshark 0.99.4-1
Date: Wed, 01 Nov 2006 02:32:22 -0800
Source: wireshark
Source-Version: 0.99.4-1

We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:

  to pool/main/w/wireshark/ethereal-common_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/ethereal-dev_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/ethereal_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/tethereal_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/tshark_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/wireshark-common_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/wireshark-dev_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/wireshark_0.99.4-1.diff.gz
  to pool/main/w/wireshark/wireshark_0.99.4-1.dsc
  to pool/main/w/wireshark/wireshark_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/wireshark_0.99.4.orig.tar.gz

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Frederic Peters <> (supplier of updated wireshark package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Format: 1.7
Date: Wed,  1 Nov 2006 10:05:05 +0100
Source: wireshark
Binary: wireshark ethereal-dev wireshark-common tshark wireshark-dev ethereal ethereal-common tethereal
Architecture: source amd64
Version: 0.99.4-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <>
Changed-By: Frederic Peters <>
 ethereal   - dummy upgrade package for ethereal -> wireshark
 ethereal-common - dummy upgrade package for ethereal -> wireshark
 ethereal-dev - dummy upgrade package for ethereal -> wireshark
 tethereal  - dummy upgrade package for ethereal -> wireshark
 tshark     - network traffic analyzer (console)
 wireshark  - network traffic analyzer
 wireshark-common - network traffic analyser (common files)
 wireshark-dev - network traffic analyser (development tools)
Closes: 375022 396258
 wireshark (0.99.4-1) unstable; urgency=high
   * Backported security patches from yet unreleased 0.99.4 (closes: #396258)
     * has details
     * HTTP dissector could crash (CVE-2006-5468)
     * LDAP dissector (and others) could crash (CVE-2006-5740)
     * XOT dissector could attempt to allocate a large amount of memory and
       crash (CVE-2006-4805)
     * WBXML dissector could crash (CVE-2006-5469)
     * MIME Multipart dissector was susceptible to an off-by-one error
     * Parsing a WEP key could cause a crash
   * debian/control: disabled libcap-dev for kfreebsd and hurd
     (closes: #375022)


Bug archived. Request was from Debbugs Internal Request <> to (Tue, 26 Jun 2007 01:40:06 GMT) Full text and rfc822 format available.

Debian bug tracking system administrator <>. Last modified: Thu Apr 17 04:40:34 2014; Machine Name:
