[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-4182,CVE-2021-4183,CVE-2021-4186,CVE-2021-4190: wireshark/Stretch/Buster

Markus Koschany (@apo) apo at debian.org
Thu Mar 31 21:36:22 BST 2022 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02238caa by Markus Koschany at 2022-03-31T22:36:05+02:00
CVE-2021-4182,CVE-2021-4183,CVE-2021-4186,CVE-2021-4190: wireshark/Stretch/Buster

Mark CVE-2021-4182,CVE-2021-4183,CVE-2021-4186,CVE-2021-4190 as not-affected
in Stretch and Buster because the vulnerable code is not present/was introduced
later.

- - - - -
82970e23 by Markus Koschany at 2022-03-31T22:36:06+02:00
Reserve DLA-2967-1 for wireshark

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18881,7 +18881,8 @@ CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document
 CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of  ...)
 	- wireshark 3.6.2-1
 	[bullseye] - wireshark <no-dsa> (Minor issue)
-	[buster] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <not-affected> (The vulnerable code is not present)
+	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
 CVE-2021-4189 [ftplib should not use the host from the PASV response]
@@ -19132,7 +19133,8 @@ CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.
 CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
 	- wireshark 3.6.0-1
 	[bullseye] - wireshark <no-dsa> (Minor issue)
-	[buster] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <not-affected> (The vulnerable code is not present)
+	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
 CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
@@ -19150,13 +19152,15 @@ CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0
 CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...)
 	- wireshark 3.6.2-1
 	[bullseye] - wireshark <no-dsa> (Minor issue)
-	[buster] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <not-affected> (The vulnerable code is not present)
+	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
 CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
 	- wireshark 3.6.2-1
 	[bullseye] - wireshark <no-dsa> (Minor issue)
-	[buster] - wireshark <no-dsa> (Minor issue)
+	[buster] - wireshark <not-affected> (The vulnerable code is not present)
+	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
 CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Mar 2022] DLA-2967-1 wireshark - security update
+	{CVE-2021-4181 CVE-2021-4184 CVE-2021-4185 CVE-2021-22191 CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586}
+	[stretch] - wireshark 2.6.20-0+deb9u3
 [31 Mar 2022] DLA-2962-2 pjproject - regression update
 	[stretch] - pjproject 2.5.5~dfsg-6+deb9u4
 [30 Mar 2022] DLA-2966-1 libgc - security update


=====================================
data/dla-needed.txt
=====================================
@@ -133,9 +133,6 @@ waitress
   NOTE: 20220320: instead. Someone with more Python knowledge should take another look
   NOTE: 20220320: at it. (apo)
 --
-wireshark (Markus Koschany)
-  NOTE: 20220324: I am currently testing the update.
---
 zabbix
 --
 zlib (Anton)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3ad2b7d8032d0db9e64d49a2cf0adb4b487cced2...82970e2343227924f4a46b1ff5bda17efb7aac5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3ad2b7d8032d0db9e64d49a2cf0adb4b487cced2...82970e2343227924f4a46b1ff5bda17efb7aac5f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220331/0e65e11e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list