Debian Bug report logs - #533347
wireshark: new upstream version (1.0.8) available with security fixes

version graph

Package: wireshark; Maintainer for wireshark is Balint Reczey <balint@balintreczey.hu>; Source for wireshark is src:wireshark.

Reported by: balint@balintreczey.hu

Date: Tue, 16 Jun 2009 18:39:01 UTC

Severity: critical

Tags: patch, security

Found in versions wireshark/1.0.2-3+lenny5, wireshark/1.0.2-3

Fixed in versions wireshark/1.0.8-1, wireshark/1.0.2-3+lenny6

Done: Balint Reczey <balint@balintreczey.hu>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#533347; Package wireshark. (Tue, 16 Jun 2009 18:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to balint@balintreczey.hu:
New Bug report received and forwarded. Copy sent to Frederic Peters <fpeters@debian.org>. (Tue, 16 Jun 2009 18:39:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bálint Réczey <balint@balintreczey.hu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wireshark: new upstream version (1.0.8) available with security fixes
Date: Tue, 16 Jun 2009 11:36:06 -0700
[Message part 1 (text/plain, inline)]
Source: wireshark
Version: 1.0.2-3+lenny5
Severity: critical
Tags: patch security

Hi,

There is a new upstream version available:
http://www.wireshark.org/docs/relnotes/wireshark-1.0.8.html

It contains several security related fixes, collected in the attached patch.

Cheers,
Balint
[wireshark-1.0.8-security.patch (text/x-patch, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#533347; Package wireshark. (Sun, 05 Jul 2009 03:24:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Frederic Peters <fpeters@debian.org>. (Sun, 05 Jul 2009 03:24:02 GMT) Full text and rfc822 format available.

Message #10 received at 533347@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: 533347@bugs.debian.org, control@bugs.debian.org
Subject: info
Date: Sat, 4 Jul 2009 23:20:31 -0400
fixed 533347 1.0.8-1
thanks

some more info about this issue can be found here [1].  please
coordinate with the security team to prepare updated packages for the
stable releases.  thanks.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=501929




Bug marked as fixed in version 1.0.8-1. Request was from "Michael S. Gilbert" <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Sun, 05 Jul 2009 03:24:03 GMT) Full text and rfc822 format available.

Bug Marked as found in versions wireshark/1.0.2-3. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Fri, 23 Oct 2009 09:12:05 GMT) Full text and rfc822 format available.

Reply sent to Balint Reczey <balint@balintreczey.hu>:
You have taken responsibility. (Sun, 25 Oct 2009 20:12:38 GMT) Full text and rfc822 format available.

Notification sent to balint@balintreczey.hu:
Bug acknowledged by developer. (Sun, 25 Oct 2009 20:12:38 GMT) Full text and rfc822 format available.

Message #19 received at 533347-close@bugs.debian.org (full text, mbox):

From: Balint Reczey <balint@balintreczey.hu>
To: 533347-close@bugs.debian.org
Subject: Bug#533347: fixed in wireshark 1.0.2-3+lenny6
Date: Sun, 25 Oct 2009 19:57:40 +0000
Source: wireshark
Source-Version: 1.0.2-3+lenny6

We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:

tshark_1.0.2-3+lenny6_amd64.deb
  to pool/main/w/wireshark/tshark_1.0.2-3+lenny6_amd64.deb
wireshark-common_1.0.2-3+lenny6_amd64.deb
  to pool/main/w/wireshark/wireshark-common_1.0.2-3+lenny6_amd64.deb
wireshark-dev_1.0.2-3+lenny6_amd64.deb
  to pool/main/w/wireshark/wireshark-dev_1.0.2-3+lenny6_amd64.deb
wireshark_1.0.2-3+lenny6.diff.gz
  to pool/main/w/wireshark/wireshark_1.0.2-3+lenny6.diff.gz
wireshark_1.0.2-3+lenny6.dsc
  to pool/main/w/wireshark/wireshark_1.0.2-3+lenny6.dsc
wireshark_1.0.2-3+lenny6_amd64.deb
  to pool/main/w/wireshark/wireshark_1.0.2-3+lenny6_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 533347@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Balint Reczey <balint@balintreczey.hu> (supplier of updated wireshark package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Sep 2009 13:05:13 +0100
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev
Architecture: source amd64
Version: 1.0.2-3+lenny6
Distribution: stable
Urgency: high
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Balint Reczey <balint@balintreczey.hu>
Description: 
 tshark     - network traffic analyzer (console)
 wireshark  - network traffic analyzer
 wireshark-common - network traffic analyser (common files)
 wireshark-dev - network traffic analyser (development tools)
Closes: 533347
Changes: 
 wireshark (1.0.2-3+lenny6) stable; urgency=high
 .
   * security fixes from Wireshark 1.0.8 and 1.0.9:
     - The PCNFSD dissector could crash (CVE-2009-1829)
     - The AFS dissector could crash (CVE-2009-2562)
     - The OpcUa dissector could use excessive CPU and memory (CVE-2009-3241)
    (Closes: #533347)
Checksums-Sha1: 
 96c2acea83751731f4abb5d6c68ff7f7204eb1d8 1502 wireshark_1.0.2-3+lenny6.dsc
 55b7a62a3f27d64c3495d02998058046232e44ad 108231 wireshark_1.0.2-3+lenny6.diff.gz
 6d5238352d94c0e4632c70dd3674af77ade45634 11869580 wireshark-common_1.0.2-3+lenny6_amd64.deb
 7e1451ca5cbee1220c77c09db9f0684c966a3837 659488 wireshark_1.0.2-3+lenny6_amd64.deb
 2e77f54fb94c009b41a391b639bd7175401df975 118956 tshark_1.0.2-3+lenny6_amd64.deb
 83015fe8461409825a4a2c749bae1b70d1c38f88 583828 wireshark-dev_1.0.2-3+lenny6_amd64.deb
Checksums-Sha256: 
 1298d19c5a1f052b884472059567170eb23662fdcb0f658d4b9393766760b016 1502 wireshark_1.0.2-3+lenny6.dsc
 907442c2b32acc66c55f18e3403c38c16910e49c15b874d356f82314014043f4 108231 wireshark_1.0.2-3+lenny6.diff.gz
 10992420294f41e44eccfc71f1857b467b281034ed0e82ba565be5d047943e44 11869580 wireshark-common_1.0.2-3+lenny6_amd64.deb
 2313452c858ba61dc484b5dc061011e6eef6ceb8ae383cf9c169c1064eb16af3 659488 wireshark_1.0.2-3+lenny6_amd64.deb
 4a0060984c319d2a66e4d1b520ee4b1e6abc0dd45576da665c9ba465c4646752 118956 tshark_1.0.2-3+lenny6_amd64.deb
 f1a8ddb0678877a4386fdb148572ac78bdad2f044148f434dad4c931299d5ff8 583828 wireshark-dev_1.0.2-3+lenny6_amd64.deb
Files: 
 97ea494c96895163a77a38d7048e8fcf 1502 net optional wireshark_1.0.2-3+lenny6.dsc
 fa57cd3cd571ca4f2d69d1d93bc184ef 108231 net optional wireshark_1.0.2-3+lenny6.diff.gz
 bbfaabd1f45c4596fab2b837f07e150c 11869580 net optional wireshark-common_1.0.2-3+lenny6_amd64.deb
 2326810e565f04f96aba54a5ac216635 659488 net optional wireshark_1.0.2-3+lenny6_amd64.deb
 49c8d30aa56824db7264a70653d76a5b 118956 net optional tshark_1.0.2-3+lenny6_amd64.deb
 8e4c5a0f0963ed641ef104debc24ba68 583828 devel optional wireshark-dev_1.0.2-3+lenny6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrivJgACgkQ0/r2+3z8lN3JcACgserPJW8IbcC7O/O89wwId55a
WaoAoKjXDJE3fV/IT6S02F0qjEZLQ4Cy
=zF7F
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 31 Jan 2010 07:35:49 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 09:24:24 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.