oss-sec mailing list archives
Re: CVE Request: wireshark releases
From: Andreas Stieger <astieger () suse com>
Date: Thu, 9 Jun 2016 13:16:09 +0200
Hello, On 06/08/2016 09:28 AM, Marcus Meissner wrote:
Please assign CVEs to the current wireshark releases (if not done so). Wireshark 2.0.4 https://www.wireshark.org/lists/wireshark-announce/201606/msg00000.html Wireshark 1.12.12 https://www.wireshark.org/lists/wireshark-announce/201606/msg00001.html
Specifically: https://www.wireshark.org/security/wnpa-sec-2016-29 <https://www.wireshark.org/security/wnpa-sec-2016-29.html> SPOOLS infinite loop. Fixed in 2.0.4, 1.12.12. https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b https://www.wireshark.org/security/wnpa-sec-2016-30 <https://www.wireshark.org/security/wnpa-sec-2016-30.html> IEEE 802.11 dissector crash. Fixed in 2.0.4, 1.12.12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11585 https://github.com/wireshark/wireshark/commit/9b0b20b8d5f8c9f7839d58ff6c5900f7e19283b4 https://www.wireshark.org/security/wnpa-sec-2016-31 <https://www.wireshark.org/security/wnpa-sec-2016-31.html> IEEE 802.11 dissector crash, different from wpna-sec-2016-30. Fixed in 2.0.4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175 https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185 https://www.wireshark.org/security/wnpa-sec-2016-32 <https://www.wireshark.org/security/wnpa-sec-2016-32.html> UMTS FP crash. Fixed in 2.0.4, 1.12.12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12191 https://github.com/wireshark/wireshark/commit/7d7190695ce2ff269fdffb04e87139995cde21f4 https://www.wireshark.org/security/wnpa-sec-2016-33 <https://www.wireshark.org/security/wnpa-sec-2016-33.html> USB dissector crash. Fixed in 2.0.4, 1.12.12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356 https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6 https://www.wireshark.org/security/wnpa-sec-2016-34 <https://www.wireshark.org/security/wnpa-sec-2016-34.html> Toshiba file parser crash. Fixed in 2.0.4, 1.12.12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12394 https://github.com/wireshark/wireshark/commit/3270dfac43da861c714df76513456b46765ff47f https://github.com/wireshark/wireshark/commit/5efb45231671baa2db2011d8f67f9d6e72bc455b https://www.wireshark.org/security/wnpa-sec-2016-35 <https://www.wireshark.org/security/wnpa-sec-2016-35.html> CoSine file parser crash. Fixed in 2.0.4, 1.12.12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395 https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500 https://www.wireshark.org/security/wnpa-sec-2016-36 <https://www.wireshark.org/security/wnpa-sec-2016-36.html> NetScreen file parser crash. Fixed in 2.0.4, 1.12.12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396 https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82 https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78 https://www.wireshark.org/security/wnpa-sec-2016-37 <https://www.wireshark.org/security/wnpa-sec-2016-37.html> Ethernet dissector crash. Fixed in 2.0.4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440 https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7 https://www.wireshark.org/security/wnpa-sec-2016-38 <https://www.wireshark.org/security/wnpa-sec-2016-38.html> WBXML infinite loop. Fixed in 1.12.12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408 https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0 Andreas -- Andreas Stieger <astieger () suse com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Current thread:
- CVE Request: wireshark releases Marcus Meissner (Jun 08)
- Re: CVE Request: wireshark releases Andreas Stieger (Jun 09)
- Re: CVE Request: wireshark releases cve-assign (Jun 09)
- Re: CVE Request: wireshark releases Andreas Stieger (Jun 09)