[Git][security-tracker-team/security-tracker][master] Add bug reference for wireshark
Salvatore Bonaccorso
carnil at debian.org
Sun Jun 3 19:53:54 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a91074e by Salvatore Bonaccorso at 2018-06-03T20:52:48+02:00
Add bug reference for wireshark
I reported those with RC severity (although the severity per se was not
warranted) but it is now a regression from stable having those CVEs
unfixed since a DSA was released.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -795,12 +795,12 @@ CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-bas
NOT-FOR-US: PDFGen
CVE-2018-11362 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS ...)
{DLA-1388-1}
- - wireshark <unfixed>
+ - wireshark <unfixed> (bug #900708)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-25.html
CVE-2018-11361 (In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. ...)
- - wireshark <unfixed> (low)
+ - wireshark <unfixed> (low; bug #900708)
[stretch] - wireshark <ignored> (Minor issue, also wasn't backported to older branches due to low impact)
[jessie] - wireshark <not-affected> (vulnerable code not present (TDLS support added in version 2.1.0))
[wheezy] - wireshark <not-affected> (vulnerable code not present (TDLS support added in version 2.1.0))
@@ -808,7 +808,7 @@ CVE-2018-11361 (In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could cra
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b52f9929238ce3948ec924ae4f9456b5e9df558
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-32.html
CVE-2018-11360 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP ...)
- - wireshark <unfixed>
+ - wireshark <unfixed> (bug #900708)
[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
[jessie] - wireshark <not-affected> (vulnerable code not present (uses static a_bigbuf instead))
[wheezy] - wireshark <not-affected> (vulnerable code not present (uses static a_bigbuf instead))
@@ -816,7 +816,7 @@ CVE-2018-11360 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-30.html
CVE-2018-11359 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC ...)
- - wireshark <unfixed> (low)
+ - wireshark <unfixed> (low; bug #900708)
[stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
@@ -825,12 +825,12 @@ CVE-2018-11359 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-33.html
CVE-2018-11358 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 ...)
{DLA-1388-1}
- - wireshark <unfixed>
+ - wireshark <unfixed> (bug #900708)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ccb1ac3c8cec47fbbbf2e80ced80644005c65252
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-31.html
CVE-2018-11357 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP ...)
- - wireshark <unfixed> (low)
+ - wireshark <unfixed> (low; bug #900708)
[stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
@@ -838,7 +838,7 @@ CVE-2018-11357 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ab8a33ef083b9732c89117747a83a905a676faf6
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-28.html
CVE-2018-11356 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS ...)
- - wireshark <unfixed> (low)
+ - wireshark <unfixed> (low; bug #900708)
[stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a91074e3c5bcefda4b3806c7ab1b6d9c12b2156
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a91074e3c5bcefda4b3806c7ab1b6d9c12b2156
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180603/270e745c/attachment.html>
More information about the debian-security-tracker-commits
mailing list