oss-sec mailing list archives

Re: Duplicate Wireshark CVEs?

From: Siddharth Sharma <siddharth () redhat com>
Date: Tue, 11 Aug 2015 10:47:46 -0400 (EDT)

Hi,

Any information available on why both Wireshark CVEs
CVE-2015-3811 CVE-2015-2188 point to one fix ?

Thanks
-----------------------------------------------------------------
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A 
Fingerprint :  0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A 


----- Original Message -----
From: "Martin Prpic" <mprpic () redhat com>
To: oss-security () lists openwall com
Sent: Monday, August 10, 2015 4:15:31 PM
Subject: [oss-security] Duplicate Wireshark CVEs?

Hello,

It looks like the following two Wireshark advisories fix the same flaw:

https://www.wireshark.org/security/wnpa-sec-2015-14.html
https://www.wireshark.org/security/wnpa-sec-2015-07.html

Both fix a flaw in the WCP dissector and refer to the following bug:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10844

Is there a reason two CVEs were assigned for this, or should one of them
be rejected?

Thanks!

RH bugs:
https://bugzilla.redhat.com/CVE-2015-2188
https://bugzilla.redhat.com/CVE-2015-3811

-- 
Martin Prpič / Red Hat Product Security

Current thread:

Duplicate Wireshark CVEs? Martin Prpic (Aug 10)
- Re: Duplicate Wireshark CVEs? Siddharth Sharma (Aug 11)
- Re: Duplicate Wireshark CVEs? cve-assign (Aug 13)
  - Re: Re: Duplicate Wireshark CVEs? Stuart Henderson (Aug 14)