[Git][security-tracker-team/security-tracker][master] wireshark DSA
Moritz Muehlenhoff
jmm at debian.org
Thu Dec 27 14:54:12 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e5250be by Moritz Muehlenhoff at 2018-12-27T14:52:55Z
wireshark DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -12753,21 +12753,18 @@ CVE-2018-18228
RESERVED
CVE-2018-18227 (In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol ...)
- wireshark 2.6.4-1
- [stretch] - wireshark <postponed> (Fix along in next DSA)
[jessie] - wireshark <not-affected> (Vulnerable code not present, mswsp support added in v1.99.9)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15119
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d443be449a52f95df5754adc39e1f3472fec2f03
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-47.html
CVE-2018-18226 (In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could ...)
- wireshark 2.6.4-1
- [stretch] - wireshark <postponed> (Fix along in next DSA)
[jessie] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15171
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6e920ddc3cad2886ef07ca1a8e50e2a5c50986f7
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-48.html
CVE-2018-18225 (In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was ...)
- wireshark 2.6.4-1
- [stretch] - wireshark <postponed> (Fix along in next DSA)
[jessie] - wireshark <not-affected> (Vulnerable code not present, 2.31-continue-code added in v2.1.0)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15172
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=09a02cc1ea6de9f6c6cae75b3510a5477ef5f555
@@ -28418,7 +28415,6 @@ CVE-2018-12087 (Failure to validate certificates in OPC Foundation UA Client ...
NOT-FOR-US: OPC UA
CVE-2018-12086 (Buffer overflow in OPC UA applications allows remote attackers to ...)
- wireshark 2.6.4-1
- [stretch] - wireshark <postponed> (Fix along in next DSA)
[jessie] - wireshark <ignored> (changes are too intrusive to backport)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-50.html
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28a7a79cac425d1b1ecf06e73add41edd2241e49
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Dec 2018] DSA-4359-1 wireshark - security update
+ {CVE-2018-12086 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628}
+ [stretch] - wireshark 2.6.5-1~deb9u1
[27 Dec 2018] DSA-4358-1 ruby-sanitize - security update
{CVE-2018-3740}
[stretch] - ruby-sanitize 2.1.0-2+deb9u1
=====================================
data/dsa-needed.txt
=====================================
@@ -53,8 +53,5 @@ sssd
vlc (jmm)
Maintainer proposed to wait for 3.0.5 and release a DSA based on 3.0.5
--
-wireshark
- Balint Reczey is preparing updates to rebase to 2.6.5
---
xen
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e5250be8e9a96643e42070203325a7fc02e3c71
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e5250be8e9a96643e42070203325a7fc02e3c71
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181227/6eed09dd/attachment.html>
More information about the debian-security-tracker-commits
mailing list