[Git][security-tracker-team/security-tracker][master] wireshark DSA

Sun Feb 8 19:45:11 GMT 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8603934f by Moritz Mühlenhoff at 2026-02-08T20:43:28+01:00
wireshark DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8854,10 +8854,10 @@ CVE-2026-0961 (BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.
 	NOTE: Fixed by: https://gitlab.com/wireshark/wireshark/-/commit/516ba22c34bd62468c2967ac476146bc03482679
 	NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/4e8603b60438650fe3329d5a0a0e8ff0bc96b08c (v4.3.0rc1)
 CVE-2026-0960 (HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 all ...)
-	- wireshark 4.6.3-1 (bug #1125690; unimportant)
+	- wireshark 4.6.3-1 (bug #1125690)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2026-04.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20944
-	NOTE: Hang in CLI tool, no security impact
 CVE-2026-0959 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4 ...)
 	- wireshark 4.6.3-1 (bug #1125690)
 	[bookworm] - wireshark <not-affected> (Vulnerable code not present)
@@ -29243,15 +29243,15 @@ CVE-2025-61940 (NMIS/BioDose V22.02 and previous versions rely on a common SQL S
 CVE-2025-55181 (Sending an HTTP request/response body with greater than 2^31 bytes tri ...)
 	NOT-FOR-US: Meta software not packaged in Debian
 CVE-2025-13946 (MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 t ...)
-	- wireshark 4.6.2-1 (unimportant)
+	- wireshark 4.6.2-1
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-08.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20884
-	NOTE: Hang in CLI tool, no security impact
 CVE-2025-13945 (HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of se ...)
-	- wireshark 4.6.2-1 (unimportant)
+	- wireshark 4.6.2-1
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-07.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20860
-	NOTE: Hang in CLI tool, no security impact
 CVE-2025-13646 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13645 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...)
@@ -31730,10 +31730,10 @@ CVE-2025-36072 (IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15
 CVE-2025-25613 (FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45 ...)
 	NOT-FOR-US: FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless
 CVE-2025-13499 (Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows de ...)
-	- wireshark 4.6.1-1 (unimportant)
+	- wireshark 4.6.1-1
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-06.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20823
-	NOTE: Crash in CLI tool, no security impact
 CVE-2025-13485 (A security flaw has been discovered in itsourcecode Online File Manage ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-13484 (A vulnerability was identified in Campcodes Complete Online Beauty Par ...)
@@ -44457,10 +44457,9 @@ CVE-2025-31718 (In modem, there is a possible system crash due to improper input
 CVE-2025-31717 (In modem, there is a possible system crash due to improper input valid ...)
 	NOT-FOR-US: Unisoc
 CVE-2025-11626 (MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to ...)
-	- wireshark 4.6.0-1 (bug #1117852; unimportant)
+	- wireshark 4.6.0-1 (bug #1117852)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-04.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20724
-	NOTE: Hang in CLI tool, no security impact
 CVE-2025-11593 (A flaw has been found in CodeAstro Gym Management System 1.0. This vul ...)
 	NOT-FOR-US: CodeAstro
 CVE-2025-11592 (A vulnerability was detected in CodeAstro Gym Management System 1.0. T ...)
@@ -60587,10 +60586,9 @@ CVE-2025-9832 (A security vulnerability has been detected in SourceCodester Food
 CVE-2025-9831 (A weakness has been identified in PHPGurukul Beauty Parlour Management ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-9817 (SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of servi ...)
-	- wireshark 4.4.9-1 (unimportant)
+	- wireshark 4.4.9-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-03.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20642
-	NOTE: Crash in CLI tool, no security impact
 CVE-2025-9785 (PaperCut Print Deploy is an optional component that integrates with Pa ...)
 	NOT-FOR-US: PaperCut
 CVE-2025-9378 (The Vayu Blocks \u2013 Website Builder for the Block Editor plugin for ...)
@@ -124273,9 +124271,8 @@ CVE-2025-23020 (An issue was discovered in Kwik before 0.10.1. A hash collision
 CVE-2025-21355 (Missing Authentication for Critical Function in Microsoft Bing allows  ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-1492 (Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 ...)
-	- wireshark 4.4.4-1 (unimportant)
+	- wireshark 4.4.4-1
 	[bullseye] - wireshark <not-affected> (Vulnerable dissector not present)
-	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-01.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20373
 	NOTE: CBOR Object Signing and Encryption (COSE) dissector introduced in 3.6.0rc0
@@ -163752,13 +163749,11 @@ CVE-2024-9798 (The health endpoint is public so everybody can see a list of all
 CVE-2024-9796 (The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not saniti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9781 (AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4. ...)
-	- wireshark 4.4.1-1 (unimportant)
-	NOTE: Crash in CLI tool, no security impact
+	- wireshark 4.4.1-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-13.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20114
 CVE-2024-9780 (ITS dissector crash in Wireshark 4.4.0 allows denial of service via pa ...)
-	- wireshark 4.4.1-1 (unimportant)
-	NOTE: Crash in CLI tool, no security impact
+	- wireshark 4.4.1-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-12.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20026
 CVE-2024-9685 (The Notification for Telegram plugin for WordPress is vulnerable to un ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Feb 2026] DSA-6124-1 wireshark - security update
+	{CVE-2025-9817 CVE-2025-11626 CVE-2025-13499 CVE-2025-13945 CVE-2025-13946 CVE-2026-0959 CVE-2026-0960 CVE-2026-0961 CVE-2026-0962}
+	[trixie] - wireshark 4.4.13-0+deb13u1
 [07 Feb 2026] DSA-6123-1 xrdp - security update
 	{CVE-2025-68670}
 	[bookworm] - xrdp 0.9.21.1-1+deb12u2


=====================================
data/dsa-needed.txt
=====================================
@@ -82,6 +82,3 @@ sympa/oldstable
 --
 usbmuxd (corsac)
 --
-wireshark (jmm)
-  debian-security-tools team pinged
---



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8603934fb700b0c92345820491e96b920c452f0c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8603934fb700b0c92345820491e96b920c452f0c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260208/0cece1c5/attachment-0001.htm>
