[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Check CVE-2018-6836/wireshark

Salvatore Bonaccorso carnil at debian.org
Sun Feb 18 20:26:52 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc6993b4 by Salvatore Bonaccorso at 2018-02-18T21:26:38+01:00
Check CVE-2018-6836/wireshark

The roblematic code was only introduced in v2.5.0 with commit

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=52823805b29a44a83eacd0e5b415b11227ec313b

which adds "Add support for reading comments in Network Monitor files".

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -930,10 +930,10 @@ CVE-2018-6838
 CVE-2018-6837
 	RESERVED
 CVE-2018-6836 (The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark ...)
-	- wireshark <unfixed>
-	[wheezy] - wireshark <no-dsa> (Minor issue)
+	- wireshark <not-affected> (Vulnerable code introduced in v2.5.0)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397
-	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28960d79cca262ac6b974f339697b299a1e28fef
+	NOTE: Introduced by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=52823805b29a44a83eacd0e5b415b11227ec313b
+	NOTE: Fixed by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28960d79cca262ac6b974f339697b299a1e28fef
 CVE-2018-6835 (node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 ...)
 	- etherpad-lite <itp> (bug #576998)
 CVE-2018-6834 (static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc6993b4a87a5118ba66591362976e1b8bc662ba

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc6993b4a87a5118ba66591362976e1b8bc662ba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180218/1b7dbba2/attachment.html>

More information about the Secure-testing-commits mailing list