[Git][security-tracker-team/security-tracker][master] wireshark: CVE triaging and no DLA for now
Adrian Bunk (@bunk)
bunk at debian.org
Tue Aug 31 13:14:07 BST 2021
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d55b7eff by Adrian Bunk at 2021-08-31T15:12:51+03:00
wireshark: CVE triaging and no DLA for now
- CVE-2021-22222 was introduced in 3.4
- CVE-2021-22235: mention regression caused by the original fix
- there is not enough for a DLA right now
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -43035,6 +43035,7 @@ CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to
[stretch] - wireshark <postponed> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-06.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462
+ NOTE: Regression fix: https://gitlab.com/wireshark/wireshark/-/merge_requests/3616
CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...)
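Review bot: The NOTE added under CVE-2021-22235 links the regression fix (merge request 3616), but the visible entry never identifies the original fix it corrects; only the advisory and issue 17462 are referenced. Because stretch stays `<postponed>`, whoever picks this up later has to backport both changes together, so consider adding a NOTE for the original fix commit directly above this one.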
@@ -43063,10 +43064,12 @@ CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5
[experimental] - wireshark 3.4.6-1~exp1
- wireshark 3.4.7-1
[bullseye] - wireshark <postponed> (Minor issue, can be fixed along in future update)
- [buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
- [stretch] - wireshark <postponed> (Minor issue)
+ [buster] - wireshark <not-affected> (Vulnerability introduced in 3.4)
+ [stretch] - wireshark <not-affected> (Vulnerability introduced in 3.4)
+ [jessie] - wireshark <not-affected> (Vulnerability introduced in 3.4)
NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html
+ NOTE: Caused by https://gitlab.com/wireshark/wireshark/-/commit/4bf4ee88f0544727e7f89f3f288c6afd2f650a4c
CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...)
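Review bot: The `<not-affected>` lines for buster, stretch and jessie rest entirely on the new "Caused by" NOTE, which names a commit but not the first upstream release that contains it. Consider appending that release to the NOTE (the commit message says 3.4) so the reasoning can be checked without following the link, and writing it as "Caused by:" with a colon to match the "Regression fix:" NOTE added for CVE-2021-22235 in the same commit.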
=====================================
data/dla-needed.txt
=====================================
@@ -108,5 +108,3 @@ squashfs-tools (Thorsten Alteholz)
--
sssd (Anton Gladky)
--
-wireshark (Adrian Bunk)
---
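Review bot: Removing `wireshark (Adrian Bunk)` drops the only record in this file that the package was pending, and the reason ("there is not enough for a DLA right now") is kept only in the commit message. The stretch `<postponed>` entry for CVE-2021-22235 in data/CVE/list is then the sole reminder that work remains, so it is worth confirming that entry is the intended trigger for re-adding the package.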
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d55b7eff90db8487e20106c2c09e61293a477e89