[Git][security-tracker-team/security-tracker][master] Track fixed version for wireshark issues via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 14 12:36:46 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8fb52cb2 by Salvatore Bonaccorso at 2023-06-14T13:36:05+02:00
Track fixed version for wireshark issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1992,7 +1992,7 @@ CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability e
 	NOT-FOR-US: Craft CMS
 CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13  ...)
 	[experimental] - wireshark 4.0.6-1~exp1
-	- wireshark <unfixed>
+	- wireshark 4.0.6-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <not-affected> (vulnerable code introduced later)
 	[buster] - wireshark <not-affected> (vulnerable code introduced in 4.0)
@@ -2002,7 +2002,7 @@ CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.
 CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 ...)
 	{DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
-	- wireshark <unfixed>
+	- wireshark 4.0.6-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
@@ -2010,7 +2010,7 @@ CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and
 CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
 	{DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
-	- wireshark <unfixed>
+	- wireshark 4.0.6-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
@@ -2025,7 +2025,7 @@ CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19068
 CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13  ...)
 	[experimental] - wireshark 4.0.6-1~exp1
-	- wireshark <unfixed>
+	- wireshark 4.0.6-1
 	[bullseye] - wireshark <not-affected> (Vulnerable code introduced later)
 	[buster] - wireshark <not-affected> (BLF support added in 3.6)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-13.html
@@ -2033,7 +2033,7 @@ CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.
 	NOTE: Introduced after: https://gitlab.com/wireshark/wireshark/-/commit/796819c955b9dd508d73bb640d56c2625f866862 (v3.5.0)
 CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6. ...)
 	[experimental] - wireshark 4.0.6-1~exp1
-	- wireshark <unfixed>
+	- wireshark 4.0.6-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (Candump support added in 3.2)
@@ -6539,21 +6539,21 @@ CVE-2023-1995
 CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12  ...)
 	{DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
-	- wireshark <unfixed> (bug #1034721)
+	- wireshark 4.0.6-1 (bug #1034721)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html
 CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6 ...)
 	{DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
-	- wireshark <unfixed> (bug #1034721)
+	- wireshark 4.0.6-1 (bug #1034721)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html
 CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6. ...)
 	{DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
-	- wireshark <unfixed> (bug #1034721)
+	- wireshark 4.0.6-1 (bug #1034721)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18852
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-09.html
@@ -15641,7 +15641,7 @@ CVE-2023-1162 (A vulnerability, which was classified as critical, was found in D
 CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 an ...)
 	{DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
-	- wireshark <unfixed> (bug #1033756)
+	- wireshark 4.0.6-1 (bug #1033756)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-08.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18839
@@ -22327,7 +22327,7 @@ CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-
 	NOT-FOR-US: Fortra GoAnywhere MFT
 CVE-2023-0668 (Due to failure in validating the length provided by an attacker-crafte ...)
 	[experimental] - wireshark 4.0.6-1~exp1
-	- wireshark <unfixed>
+	- wireshark 4.0.6-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (vulnerable code introduced in 3.2)
@@ -22338,7 +22338,7 @@ CVE-2023-0667 (Due to failure in validating the length provided by an attacker-c
 	TODO: check
 CVE-2023-0666 (Due to failure in validating the length provided by an attacker-crafte ...)
 	[experimental] - wireshark 4.0.6-1~exp1
-	- wireshark <unfixed>
+	- wireshark 4.0.6-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (vulnerable code introduced in 3.4)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb52cb2e5cc11f0d9739ba4e6c7485951e03adb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb52cb2e5cc11f0d9739ba4e6c7485951e03adb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230614/c8dab576/attachment.htm>

More information about the debian-security-tracker-commits mailing list