Wireshark mailing list archives
Re: Security issue being reported by the SecuniaPSI scanner.
From: "Anders Broman" <a.broman () telia com>
Date: Thu, 7 Jan 2010 09:13:27 +0100
Hi, At the time of 1.2.5 GTK 2.16.2 was the latest version... Besides gdk_window_begin_implicit_paint() is not used by Wireshark So most probably this is a non issue. Regards Anders -----Ursprungligt meddelande----- Från: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] För Richard Brooks Skickat: den 7 januari 2010 06:37 Till: 'Developer support list for Wireshark' Ämne: Re: [Wireshark-dev] Security issue being reported by the SecuniaPSI scanner. True, but if all it takes to put it right is to include the later version, then why not include the later version? Regards Richard <RichardBUK () Sky com> -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Bill Meier Sent: 06 January 2010 22:47 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Security issue being reported by the Secunia PSI scanner. Stephen Fisher wrote:
On Jan 6, 2010, at 3:20 PM, Richard Brooks wrote:Hello Bill, in my last email I neglected to add the Secunia report information you asked for.Your screenshots show that you're running Wireshark v1.2.5 with GTK+ 2.16.2. I don't see anything that says "security" in the release notes (news) for GTK+ from v2.16.2 -> the latest 2.16, which is 2.16.6: http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.6.news http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.5.news http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.4.news http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.3.news This is still something worth looking into. I see that GTK+ 2.18.x is the current stable maintained branch, while 2.16.x is "old" but "but in some respects more stable" (http://www.gtk.org/download- windows.html). Steve
Going one level deeper: It turns out the the Secunia Security ID which is being reported is SA37852: GTK+ "gdk_window_begin_implicit_paint()" Foreign Windows Weakness. http://secunia.com/advisories/37852/ Among other things the advisory says "fixed in GTK 2.18.5". The security level is reported as "not criotical" ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Security issue being reported by the Secunia PSI scanner. Richard Brooks (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Bill Meier (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Richard Brooks (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Richard Brooks (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Stephen Fisher (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Bill Meier (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Richard Brooks (Jan 06)
- Re: Security issue being reported by the SecuniaPSI scanner. Anders Broman (Jan 07)
- Re: Security issue being reported by the SecuniaPSI scanner. Richard Brooks (Jan 07)
- Re: Security issue being reported by the Secunia PSI scanner. Bill Meier (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Aaron Turner (Jan 06)