[Git][security-tracker-team/security-tracker][master] Some wireshark updates for bookworm were already included via DSA 6249-1
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 14 06:08:06 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
19028585 by Salvatore Bonaccorso at 2026-05-14T07:07:52+02:00
Some wireshark updates for bookworm were already included via DSA 6249-1
They were accepted in the archive in the +deb12u2 version and the DSA
6249-1 did build on top of it. Thus for tracking use the version which
would have landed in the archive and is a released version (and as well
found via snapshots.d.o)
Link: https://snapshot.debian.org/package/wireshark/4.0.17-0%2Bdeb12u2/
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -59846,7 +59846,7 @@ CVE-2026-0961 (BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.
CVE-2026-0960 (HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 all ...)
{DSA-6124-1 DLA-4479-1}
- wireshark 4.6.3-1 (bug #1125690)
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-04.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20944
CVE-2026-0959 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4 ...)
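Review bot: the new `[bookworm] - wireshark 4.0.17-0+deb12u2` line for CVE-2026-0960 carries no provenance. The entry's cross-reference line still reads `{DSA-6124-1 DLA-4479-1}`, and nothing in the entry mentions DSA 6249-1, which the commit message gives as the reason this version counts as released. A short NOTE line under the entry, saying the fix was accepted in the archive as +deb12u2 and that DSA 6249-1 built on top of it, would save the next reader from having to dig up this commit. The same applies to the other nine entries changed in this file.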
@@ -80503,13 +80503,13 @@ CVE-2025-55181 (Sending an HTTP request/response body with greater than 2^31 byt
CVE-2025-13946 (MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 t ...)
{DSA-6124-1 DLA-4479-1}
- wireshark 4.6.2-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-08.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20884
CVE-2025-13945 (HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of se ...)
{DSA-6124-1 DLA-4479-1}
- wireshark 4.6.2-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-07.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20860
CVE-2025-13646 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...)
@@ -83005,7 +83005,7 @@ CVE-2025-25613 (FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabi
CVE-2025-13499 (Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows de ...)
{DSA-6124-1 DLA-4479-1}
- wireshark 4.6.1-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-06.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20823
CVE-2025-13485 (A security flaw has been discovered in itsourcecode Online File Manage ...)
@@ -95782,7 +95782,7 @@ CVE-2025-31717 (In modem, there is a possible system crash due to improper input
CVE-2025-11626 (MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to ...)
{DSA-6124-1 DLA-4479-1}
- wireshark 4.6.0-1 (bug #1117852)
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-04.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20724
CVE-2025-11593 (A flaw has been found in CodeAstro Gym Management System 1.0. This vul ...)
@@ -111948,7 +111948,7 @@ CVE-2025-9831 (A weakness has been identified in PHPGurukul Beauty Parlour Manag
CVE-2025-9817 (SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of servi ...)
{DSA-6124-1}
- wireshark 4.4.9-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
[bullseye] - wireshark <not-affected> (Vulnerable code introduced later)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-03.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20642
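Review bot: worth double-checking that bookworm was actually affected by CVE-2025-9817 before recording a fixed version. The description visible here names only Wireshark 4.4.0 to 4.4.8, the bullseye line reads `<not-affected> (Vulnerable code introduced later)`, and the new bookworm line records a 4.0.x version. If the SSH dissector code in 4.0.17 predates the vulnerable change, a `<not-affected>` marker with the same reason would be the accurate state for bookworm. If 4.0.x does carry the code, a NOTE naming the introducing change would explain why bookworm and bullseye differ.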
@@ -139582,7 +139582,7 @@ CVE-2025-5601 (Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to
{DLA-4479-1}
[experimental] - wireshark 4.4.7-0exp1
- wireshark 4.4.7-1 (bug #1107515)
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-02.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20509
CVE-2025-5600 (A vulnerability, which was classified as critical, has been found in T ...)
@@ -175752,7 +175752,7 @@ CVE-2025-21355 (Missing Authentication for Critical Function in Microsoft Bing a
NOT-FOR-US: Microsoft
CVE-2025-1492 (Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 ...)
- wireshark 4.4.4-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
[bullseye] - wireshark <not-affected> (Vulnerable dissector not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-01.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20373
@@ -201234,7 +201234,7 @@ CVE-2024-52067 (Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4
CVE-2024-11596 (ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 al ...)
{DLA-4479-1}
- wireshark 4.4.2-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-15.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20214
CVE-2024-11595 (FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2 ...)
@@ -215251,7 +215251,7 @@ CVE-2024-9796 (The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not s
CVE-2024-9781 (AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4. ...)
{DLA-4479-1}
- wireshark 4.4.1-1
- [bookworm] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark 4.0.17-0+deb12u2
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-13.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20114
CVE-2024-9780 (ITS dissector crash in Wireshark 4.4.0 allows denial of service via pa ...)
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -50,26 +50,6 @@ CVE-2026-27810
[bookworm] - calibre 6.13.0+repack-2+deb12u6
CVE-2025-64329
[bookworm] - containerd 1.6.20~ds1-1+deb12u3
-CVE-2024-11596
- [bookworm] - wireshark 4.0.17-0+deb12u2
-CVE-2025-5601
- [bookworm] - wireshark 4.0.17-0+deb12u2
-CVE-2024-9781
- [bookworm] - wireshark 4.0.17-0+deb12u2
-CVE-2025-11626
- [bookworm] - wireshark 4.0.17-0+deb12u2
-CVE-2025-13499
- [bookworm] - wireshark 4.0.17-0+deb12u2
-CVE-2025-13945
- [bookworm] - wireshark 4.0.17-0+deb12u2
-CVE-2025-13946
- [bookworm] - wireshark 4.0.17-0+deb12u2
-CVE-2025-9817
- [bookworm] - wireshark 4.0.17-0+deb12u2
-CVE-2026-0960
- [bookworm] - wireshark 4.0.17-0+deb12u2
-CVE-2025-1492
- [bookworm] - wireshark 4.0.17-0+deb12u2
CVE-2025-48038
[bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4
CVE-2025-48039
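Review bot: the ten CVE ids removed from data/next-oldstable-point-update.txt match one-to-one the ten `[bookworm]` lines changed in data/CVE/list, so no entry leaves the point-update queue without gaining a fixed version there. Because the commit title says only "Some" wireshark updates, it is worth confirming that any wireshark entries still meant for the next bookworm point update remain in this file outside the context shown.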
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/190285855867f1c111527bdb4b400ba8f810e390
More information about the debian-security-tracker-commits
mailing list