[Git][security-tracker-team/security-tracker][master] Reserve DLA-3906-1 for wireshark

Adrian Bunk (@bunk) bunk at debian.org
Mon Sep 30 08:26:19 BST 2024



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b212c387 by Adrian Bunk at 2024-09-30T10:26:06+03:00
Reserve DLA-3906-1 for wireshark

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3794,7 +3794,6 @@ CVE-2024-8654 (MongoDB Server may access non-initialized region of memory leadin
 CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 a ...)
 	- wireshark 4.2.6-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19559
 CVE-2024-8543 (The Slider comparison image before and after plugin for WordPress is v ...)
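Review bot: After the `[bullseye] - wireshark <no-dsa> (Minor issue)` line is dropped here, the CVE-2024-8645 entry carries no bullseye status and no `{DLA-3906-1}` cross-reference. The same holds for the other entries this commit touches (for example, CVE-2023-6175 still reads `{DSA-5559-1 DLA-3746-1}`), so the only link between these CVEs and the fix is the new data/DLA/list entry. If the `{...}` lines are regenerated from data/DLA/list by a later step, this is fine; otherwise add the reference in the same commit so the entries do not read as untriaged for bullseye in the interim.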
@@ -36909,7 +36908,6 @@ CVE-2024-4855 (Use after free issue in editcap could cause denial of service via
 CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4. ...)
 	- wireshark 4.2.5-1
 	[bookworm] - wireshark <no-dsa> (Minor issue)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <postponed> (can be piggyback'd with the next update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-07.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19726
@@ -53632,7 +53630,6 @@ CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 a ...)
 	- wireshark 4.2.4-1 (bug #1068111)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-06.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19695
@@ -73202,7 +73199,6 @@ CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to com
 CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...)
 	- wireshark 4.2.2-1 (bug #1059925)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-05.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19557
@@ -73216,7 +73212,6 @@ CVE-2024-0210 (Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of se
 CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3 ...)
 	- wireshark 4.2.2-1 (bug #1059925)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-02.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19501
@@ -73226,7 +73221,6 @@ CVE-2024-0208 (GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6
 	{DLA-3746-1}
 	- wireshark 4.2.2-1 (bug #1059925)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-01.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19496
 CVE-2024-0207 (HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via  ...)
@@ -81460,7 +81454,6 @@ CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API
 CVE-2023-6175 (NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to  ...)
 	{DSA-5559-1 DLA-3746-1}
 	- wireshark 4.0.11-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-29.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19404
 CVE-2023-6174 (SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of serv ...)
@@ -95329,7 +95322,6 @@ CVE-2023-34723 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0
 CVE-2023-2906 (Due to a failure in validating the length provided by an attacker-craf ...)
 	{DSA-5559-1}
 	- wireshark 4.0.8-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (Vulnerable code introduced in 3.0.0)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-26.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19229
@@ -95622,20 +95614,17 @@ CVE-2023-XXXX [tryton-server lack of record validation]
 CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to  ...)
 	{DSA-5559-1 DLA-3746-1}
 	- wireshark 4.0.8-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-25.html
 CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...)
 	{DSA-5559-1}
 	- wireshark 4.0.8-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html
 CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...)
 	{DSA-5559-1 DLA-3746-1}
 	- wireshark 4.0.8-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19258
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-24.html
 CVE-2023-4230 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...)
@@ -100838,14 +100827,12 @@ CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository frox
 CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...)
 	{DSA-5559-1}
 	- wireshark 4.0.7-1 (bug #1041101)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164
 CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14  ...)
 	{DSA-5559-1}
 	- wireshark 4.0.7-1 (bug #1041101)
-	[bullseye] - wireshark <not-affected> (Vulnerable code not present)
 	[buster] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-21.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19105
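Review bot: The removed bullseye line for CVE-2023-3648 was `<not-affected> (Vulnerable code not present)`, not `<no-dsa>`, yet CVE-2023-3648 is listed in DLA-3906-1 with `[bullseye] - wireshark 3.4.16-0+deb11u1`. That changes the recorded bullseye status from not-affected to fixed by the DLA, while the buster line directly below keeps the same not-affected reason. Either keep the `<not-affected>` line and leave this CVE out of the DLA, or add a NOTE explaining why the earlier assessment did not hold for bullseye.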
@@ -106441,7 +106428,6 @@ CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0
 	{DSA-5429-1 DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-20.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19100
 CVE-2023-2836 (The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross ...)
@@ -106858,21 +106844,18 @@ CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and
 	{DSA-5429-1 DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083
 CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
 	{DSA-5429-1 DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081
 CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 al ...)
 	{DSA-5429-1 DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-14.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19068
 CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13  ...)
@@ -106888,7 +106871,6 @@ CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to
 	{DSA-5429-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (Candump support added in 3.2)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-12.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19062
@@ -111586,21 +111568,18 @@ CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.
 	{DSA-5429-1 DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
 	- wireshark 4.0.6-1 (bug #1034721)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html
 CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6 ...)
 	{DSA-5429-1 DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
 	- wireshark 4.0.6-1 (bug #1034721)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html
 CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6. ...)
 	{DSA-5429-1 DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
 	- wireshark 4.0.6-1 (bug #1034721)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18852
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-09.html
 CVE-2023-1991
@@ -120955,7 +120934,6 @@ CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0
 	{DSA-5429-1 DLA-3402-1}
 	[experimental] - wireshark 4.0.5-1~exp1
 	- wireshark 4.0.6-1 (bug #1033756)
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-08.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18839
 	NOTE: Only affects ISO 15765 dissector in bullseye and older,
@@ -127900,7 +127878,6 @@ CVE-2023-0668 (Due to failure in validating the length provided by an attacker-c
 	{DSA-5429-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (vulnerable code introduced in 3.2)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-19.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19087
@@ -127908,7 +127885,6 @@ CVE-2023-0668 (Due to failure in validating the length provided by an attacker-c
 CVE-2023-0667 (Due to failure in validating the length provided by an attacker-crafte ...)
 	{DSA-5429-1}
 	- wireshark 4.0.6-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://takeonme.org/cves/CVE-2023-0667.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19086
@@ -127916,7 +127892,6 @@ CVE-2023-0666 (Due to failure in validating the length provided by an attacker-c
 	{DSA-5429-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark 4.0.6-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (vulnerable code introduced in 3.4)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-18.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19085
@@ -131159,13 +131134,11 @@ CVE-2022-48280
 CVE-2023-0412 (TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 a ...)
 	{DLA-3313-1}
 	- wireshark 4.0.3-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-07.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18770
 CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and ...)
 	{DLA-3313-1}
 	- wireshark 4.0.3-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-06.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18711
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18720
@@ -131173,12 +131146,10 @@ CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.
 CVE-2023-0415 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10  ...)
 	{DLA-3313-1}
 	- wireshark 4.0.3-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-05.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18796
 CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 an ...)
 	- wireshark 4.0.3-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-04.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18779
@@ -131187,13 +131158,11 @@ CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.
 CVE-2023-0413 (Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10  ...)
 	{DLA-3313-1}
 	- wireshark 4.0.3-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-03.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18766
 CVE-2023-0417 (Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 ...)
 	{DLA-3313-1}
 	- wireshark 4.0.3-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-02.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18628
 CVE-2023-0414 (Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial o ...)
@@ -142295,14 +142264,12 @@ CVE-2021-4243
 CVE-2022-4345 (Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in ...)
 	{DLA-3313-1}
 	- wireshark 4.0.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-09.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8991
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8986
 	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f
 CVE-2022-4344 (Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 t ...)
 	- wireshark 4.0.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (vulernable loop in code not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-10.html
 	NOTE: likely https://gitlab.com/wireshark/wireshark/-/commit/e0bd9d312c362318fd19e41c6c0e23fc81d42253
@@ -163439,7 +163406,6 @@ CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability in
 	NOT-FOR-US: Hitachi
 CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wiresha ...)
 	- wireshark 3.6.8-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (vulernable code not present, poc does not trigger)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18307
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-06.html
@@ -207873,14 +207839,12 @@ CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms ge
 CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1  ...)
 	{DLA-2967-1}
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
 CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...)
 	{DLA-2967-1}
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054049
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-02.html
@@ -207899,21 +207863,18 @@ CVE-2022-0584
 CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...)
 	{DLA-2967-1}
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html
 CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...)
 	{DLA-2967-1}
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html
 CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...)
 	{DLA-2967-1}
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
@@ -218449,7 +218410,6 @@ CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document
 	NOT-FOR-US: Studio 42 elFinder
 CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of  ...)
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (The vulnerable code is not present)
 	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
@@ -218711,7 +218671,6 @@ CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.
 	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
 	- wireshark 3.6.0-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (The vulnerable code is not present)
 	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
@@ -218719,14 +218678,12 @@ CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allow
 CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
 	{DLA-2967-1}
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
 CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
 	{DLA-2967-1}
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754
@@ -218739,7 +218696,6 @@ CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
 CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <not-affected> (The vulnerable code is not present)
 	[stretch] - wireshark <not-affected> (The vulnerable code is not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
@@ -218747,7 +218703,6 @@ CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3
 CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
 	{DLA-2967-1}
 	- wireshark 3.6.2-1
-	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark 2.6.20-0+deb10u4
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Sep 2024] DLA-3906-1 wireshark - security update
+	{CVE-2021-4181 CVE-2021-4182 CVE-2021-4184 CVE-2021-4185 CVE-2021-4186 CVE-2021-4190 CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586 CVE-2022-3190 CVE-2022-4344 CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 CVE-2023-0416 CVE-2023-0417 CVE-2023-0666 CVE-2023-0667 CVE-2023-0668 CVE-2023-1161 CVE-2023-1992 CVE-2023-1993 CVE-2023-1994 CVE-2023-2855 CVE-2023-2856 CVE-2023-2858 CVE-2023-2879 CVE-2023-2906 CVE-2023-2952 CVE-2023-3648 CVE-2023-3649 CVE-2023-4511 CVE-2023-4512 CVE-2023-4513 CVE-2023-6175 CVE-2024-0208 CVE-2024-0209 CVE-2024-0211 CVE-2024-2955 CVE-2024-4853 CVE-2024-4854 CVE-2024-8250 CVE-2024-8645}
+	[bullseye] - wireshark 3.4.16-0+deb11u1
 [29 Sep 2024] DLA-3905-1 cups-filters - security update
 	{CVE-2024-47076 CVE-2024-47176}
 	[bullseye] - cups-filters 1.28.7-1+deb11u3
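Review bot: The `{...}` line for DLA-3906-1 includes CVE-2024-4853 and CVE-2024-8250, but no data/CVE/list hunk in this commit touches either of them, whereas the other CVEs listed here each have a bullseye line removed. Please confirm those two entries have no existing `[bullseye]` triage line; if one exists, it now contradicts the DLA and should be dropped in this commit as well.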


=====================================
data/dla-needed.txt
=====================================
@@ -229,10 +229,6 @@ upx-ucl
 webkit2gtk
   NOTE: 20240926: Added by Front-Desk (lamby)
 --
-wireshark (Adrian Bunk)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: bullseye currently lags behind lacking fixes present in both buster and bookworm (Beuc/front-desk)
---
 wordpress (apo)
   NOTE: 20240922: Added by Front-Desk (apo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b212c3878095511c3ec7c404a035cd7a31df2afe
