[Git][security-tracker-team/security-tracker][master] Add CVE-2019-5721/wireshark

Salvatore Bonaccorso carnil at debian.org
Wed Jan 9 21:23:47 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb188b32 by Salvatore Bonaccorso at 2019-01-09T21:23:28Z
Add CVE-2019-5721/wireshark

Issue was adressed in 2.5.1 upstream with the upstream commit

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf

and cherry-picked for the 2.4.x branch.

2.6.1-1 was the first version in the archive via unstable containing the
change.

For stretch later on wireshark got rebased on rebuild from the unstable
version. The first one in the 2.6.x series on this strategy was
2.6.3-1~deb9u1.

Mark first version via stretch/stretch-security beeing 2.6.3-1~deb9u1 as
the fixed version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,7 +77,13 @@ CVE-2019-5723
 CVE-2019-5722
 	RESERVED
 CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was ...)
-	TODO: check
+	- wireshark 2.6.1-1
+	[stretch] - wireshark 2.6.3-1~deb9u1
+	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470
+	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-05.html
+	NOTE: Fix for 2.4.x was a cherry pick of:
+	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf (2.5.1)
 CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configuration ...)
 	TODO: check
 CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb188b3288ae63d19a72f9ce89ec63d59153a66e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb188b3288ae63d19a72f9ce89ec63d59153a66e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190109/7b74f977/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list