[Git][security-tracker-team/security-tracker][master] new wireshark issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 30 15:54:33 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eece5274 by Moritz Muehlenhoff at 2026-04-30T16:54:05+02:00
new wireshark issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -221,28 +221,63 @@ CVE-2026-5657 (iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-20.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21113
 CVE-2026-5655 (SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial ...)
+	- wireshark <unfixed>
 	[trixie] - wireshark <not-affected> (Only affects 4.6.x)
 	[bookworm] - wireshark <not-affected> (Only affects 4.6.x)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-19.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21112
 CVE-2026-5654 (AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 all ...)
-	TODO: check
+	- wireshark <unfixed>
+	[trixie] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-18.html
+	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21111
 CVE-2026-5653 (DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4. ...)
-	TODO: check
+	- wireshark <unfixed>
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-22.html
+	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21122
 CVE-2026-5409 (Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0  ...)
-	TODO: check
+	- wireshark <unfixed>
+	[trixie] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-08.html
+	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21066
 CVE-2026-5408 (BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0  ...)
-	TODO: check
+	- wireshark <unfixed>
+	[trixie] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-09.html
+	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21067
 CVE-2026-5407 (SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and  ...)
-	TODO: check
+	- wireshark <unfixed>
+	[trixie] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-11.html
+	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21073
 CVE-2026-5406 (FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4. ...)
-	TODO: check
+	- wireshark <unfixed>
+	[trixie] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-10.html
+	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21070
 CVE-2026-5402 (TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allow ...)
-	TODO: check
+	- wireshark <unfixed>
+	[trixie] - wireshark <not-affected> (Only affects 4.6.x)
+	[bookworm] - wireshark <not-affected> (Only affects 4.6.x)
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-14.html
+	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21090
 CVE-2026-5401 (AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and ...)
-	TODO: check
+	- wireshark <unfixed>
+	[trixie] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-13.html
+	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21088
 CVE-2026-5299 (ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4. ...)
-	TODO: check
+	- wireshark <unfixed>
+	[trixie] - wireshark <no-dsa> (Minor issue)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
+	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-12.html
+	NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21077
 CVE-2026-41226 (Open redirect vulnerability exists in Multiple laser printers and MFPs ...)
 	TODO: check
 CVE-2026-34965 (Cockpit CMS contains an authenticated remote code execution vulnerabil ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -103,5 +103,7 @@ tomcat10 (apo)
 --
 tomcat11/stable (apo)
 --
+wireshark
+--
 xrdp
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eece5274583bd97c4ba4c93da74712a322a12cf1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eece5274583bd97c4ba4c93da74712a322a12cf1
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260430/a55a41e3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list