oss-sec mailing list archives
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2
From: Josh Bressers <bressers () redhat com>
Date: Wed, 14 Sep 2011 14:19:44 -0400 (EDT)
----- Original Message -----
2. Wireshark Lua script execution vulnerability http://www.wireshark.org/security/wnpa-sec-2011-15.html https://bugzilla.redhat.com/show_bug.cgi?id=737784
Use CVE-2011-3360 for the above. Are the below worth assigning CVE ids to? The advisory seems to suggest they are crash only fixes. Do those deserve CVE IDs? I know we've been fairly generous with wireshark in the past, but I'm wondering if we need to draw a line somewhere.
1, Wireshark CSN.1 dissector vulnerability http://www.wireshark.org/security/wnpa-sec-2011-16.html https://bugzilla.redhat.com/show_bug.cgi?id=737783 3. Wireshark buffer exception handling vulnerability http://www.wireshark.org/security/wnpa-sec-2011-14.html https://bugzilla.redhat.com/show_bug.cgi?id=737785 4. Wireshark OpenSafety dissector vulnerability http://www.wireshark.org/security/wnpa-sec-2011-12.html https://bugzilla.redhat.com/show_bug.cgi?id=737787
Thanks. -- JB
Current thread:
- CVE Request: Multiple issues fixed in wireshark 1.6.2 Huzaifa Sidhpurwala (Sep 12)
- Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers (Sep 14)
- Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey (Sep 14)
- Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers (Sep 14)
- Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey (Sep 14)
- Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey (Sep 14)
- Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers (Sep 14)