-
wireshark (1.2.11-6+squeeze14) oldstable-security; urgency=high
* security fixes from Wireshark 1.8.11:
- The MPEG file parser could overflow a buffer.
Discovered by Wesley Neelen. (CVE-2014-2299)
-- Balint Reczey <email address hidden> Sun, 09 Mar 2014 16:13:49 +0100
-
wireshark (1.2.11-6+squeeze13) oldstable-security; urgency=high
* security fixes from Wireshark 1.8.11:
- The TCP dissector could crash. (CVE-2013-6340)
-- Balint Reczey <email address hidden> Sun, 03 Nov 2013 13:08:01 +0100
-
wireshark (1.2.11-6+squeeze12) oldstable-security; urgency=high
* security fixes from Wireshark 1.8.10:
- The RTPS dissector could overflow a buffer. Discovered by Ben Schmidt.
(No assiged CVE number)
- The LDAP dissector could crash.
(No assiged CVE number)
- The Netmon file parser could crash. Discovered by G. Geshev.
(No assiged CVE number)
-- Balint Reczey <email address hidden> Wed, 11 Sep 2013 10:31:19 +0200
-
wireshark (1.2.11-6+squeeze9) stable-security; urgency=high
* security fixes from Wireshark 1.8.5:
- The CLNP dissector could crash. Discovered independently by
Laurent Butti and the Wireshark development team (CVE-2013-1582)
- The DTLS dissector could crash. Discovered by Laurent Butti.
(CVE-2013-1586)
- The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti.
(CVE-2013-1588)
- The Wireshark dissection engine could crash. Discovered by Laurent Butti.
- The NTLMSSP dissector could overflow a buffer. Discovered by
Ulf Härnhammar. (CVE-2013-1590)
-- Balint Reczey <email address hidden> Thu, 14 Feb 2013 15:28:57 +0100
-
wireshark (1.2.11-6+squeeze7) stable-proposed-updates; urgency=low
* security fixes from Wireshark 1.4.12:
- The ANSI A dissector could dereference a NULL pointer and crash
(CVE-2012-1593)
- The pcap and pcap-ng file parsers could crash trying to read ERF data
(CVE-2012-1595)
-- Balint Reczey <email address hidden> Fri, 04 May 2012 23:47:43 +0200
-
wireshark (1.2.11-6+squeeze6) stable-security; urgency=low
* Fix CVE-2011-3483, CVE-2011-0042, CVE-2012-0068, CVE-2012-0067,
CVE-2012-0066, CVE-2011-0041 (Patches provided by Balint)
-- Moritz Muehlenhoff <email address hidden> Wed, 25 Jan 2012 16:11:58 +0000
-
wireshark (1.2.11-6+squeeze5) stable-security; urgency=high
* security fixes from Wireshark 1.4.10:
- Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
buffer overflow in the ERF file reader. (CVE-2011-4102)
-- Balint Reczey <email address hidden> Thu, 03 Nov 2011 22:29:02 +0100
-
wireshark (1.2.11-6+squeeze2) stable-security; urgency=high
* security fixes from Wireshark 1.2.16:
- The X.509if dissector could crash. (CVE-2011-1590)
* security fixes from Wireshark 1.2.17 (Closes: #630159):
- Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
that a corrupted Visual Networks file could crash Wireshark.
(CVE-2011-2175)
- David Maciejak of Fortinet's FortiGuard Labs discovered that
malformed compressed capture data could crash Wireshark.
(CVE-2011-2174)
- Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
that a corrupted snoop file could crash Wireshark.
(CVE-2011-1959)
- Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
that a corrupted Diameter dictionary file could crash Wireshark.
(CVE-2011-1958)
- Large/infinite loop in the DICOM dissector.
(CVE-2011-1957)
-- Balint Reczey <email address hidden> Sun, 12 Jun 2011 21:23:05 +0200
-
wireshark (1.2.11-6+squeeze1) stable-security; urgency=high
* security fixes from Wireshark 1.2.15: - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that Wireshark could free an uninitialized pointer while reading a malformed pcap-ng file. (CVE-2011-0538) (Closes: #613202) - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a large packet length in a pcap-ng file could crash Wireshark - Wireshark could overflow a buffer while reading a Nokia DCT3 trace file. (CVE-2011-0713) - joernchen of Phenoelit discovered that the LDAP and SMB dissectors could overflow the stack. - Xiaopeng Zhang of Fortinet's Fortiguard Labs discovered that large LDAP Filter strings can consume excessive amounts of memory. -- Balint Reczey <email address hidden> Wed, 01 Mar 2011 01:17:41 +0100
-
wireshark (1.2.11-6) unstable; urgency=high
* security fixes from Wireshark 1.2.14: - FRAsse discovered that the MAC-LTE dissector could overflow a buffer. (No assigned CVE number.) - FRAsse discovered that the ENTTEC dissector could overflow a buffer. (CVE-2010-4538) (Closes: #608990) -- Balint Reczey <email address hidden> Thu, 13 Jan 2011 01:58:46 +0100
-
wireshark (1.2.11-5) unstable; urgency=low
* raise Python 2.6 compatible exceptions (Closes: #585370) -- Balint Reczey <email address hidden> Fri, 24 Dec 2010 15:13:09 +0100
-
wireshark (1.2.11-4) unstable; urgency=high
* security fixes from Wireshark 1.2.13:
- Nephi Johnson of BreakingPoint discovered that the LDSS dissector
could overflow a buffer. (No assigned CVE number.)
* stability fix from Wireshark 1.2.13:
- fix crash when running tshark -x without -V (Closes: #600314)
-- Balint Reczey <email address hidden> Sun, 21 Nov 2010 20:26:36 +0100
-
wireshark (1.2.11-3) unstable; urgency=high
* security fixes from Wireshark 1.2.12:
- The Penetration Test Team of NCNIPC (China) discovered that the
ASN.1 BER dissector was susceptible to a stack overflow
(CVE-2010-3445)
- fix crash in RPC dissector
-- Balint Reczey <email address hidden> Fri, 15 Oct 2010 22:46:22 +0200
-
wireshark (1.2.10-2+squeeze1) testing-proposed-updates; urgency=low
* [Debconf translation updates]
- Basque (Iñaki Larrañaga Murgoitio).
* Backport changes from 1.2.11
- Fix segmentation fault (Closes: #597703)
- Fix inifinite loop in Bootstrap Protocol dissector
- Fix crash in RTSP dissector
- Fix crash when filtering packets based on expert info
- Fix crash when generating PostScript output
[Daniel T Chen]
* 22_lp606063-fix-assertion-capture_start.patch:
Handle event handler being invoked recursively. Fix backported from
upstream SVN r33906. Thanks, Gregor Beck!
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5126
(LP: #606063)
-- Balint Reczey <email address hidden> Fri, 03 Sep 2010 13:08:21 +0200
-
wireshark (1.2.10-2) unstable; urgency=low
* [Debconf translation updates]
- Japanese (Hideki Yamane (Debian-JP)). (Closes: #591563)
- French (Simon Paillard). (Closes: #593214)
- Danish (Joe Hansen). (Closes: #594738)
- Brazilian Portuguese (Adriano Rafael Gomes). (Closes: #594780)
- Basque (Iñaki Larrañaga Murgoitio).
* debian/control: updated policy to 3.9.1 (no changes needed)
-- Balint Reczey <email address hidden> Wed, 04 Aug 2010 13:24:07 +0200
-
wireshark (1.2.10-1) unstable; urgency=high
* New upstream release 1.2.10
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html
- security fixes
- The SigComp Universal Decompressor Virtual Machine could overrun a
buffer. (CVE-2010-2287)
- Due to a regression the ASN.1 BER dissector could exhaust stack
memory. (CVE-2010-2284)
- The GSM A RR dissector could crash. (No assigned CVE number.)
- The IPMI dissector could go into an infinite loop.
(No assigned CVE number.)
* [Debconf translation updates]
- German (Helge Kreutzmann). (Closes: #590484)
-- Balint Reczey <email address hidden> Fri, 30 Jul 2010 08:30:02 +0200
-
wireshark (1.2.9-1) unstable; urgency=high
* New upstream release 1.2.8
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html
- security fixes
- The SMB dissector could dereference a NULL pointer.
(No assigned CVE number.)
- J. Oquendo discovered that the ASN.1 BER dissector could overrun
the stack. (No assigned CVE number.)
- The SMB PIPE dissector could dereference a NULL pointer on some
platforms. (No assigned CVE number.)
- The SigComp Universal Decompressor Virtual Machine could go into
an infinite loop. (No assigned CVE number.)
- The SigComp Universal Decompressor Virtual Machine could overrun a
buffer. (No assigned CVE number.)
* drop sensitive open patch as it has been integrated upstream
-- Balint Reczey <email address hidden> Fri, 07 May 2010 01:49:01 +0200
-
wireshark (1.2.8-1) unstable; urgency=low
* New upstream release 1.2.8
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html
- Fix crash when double-clicking on empty packet list (Closes: #576097)
- security fixes
- The DOCSIS dissector could crash. (No assigned CVE number.)
[ Hilko Bengen ]
* provide debug symbols in wireshark-dbg package (Closes: #574284)
-- Balint Reczey <email address hidden> Thu, 06 May 2010 17:26:54 +0200
-
wireshark (1.2.7-1) unstable; urgency=low
* New upstream release 1.2.7
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html
* fix purging wireshark-common when removing wireshark system group fails
* fix crash when opening About box with disabled OID resolution
(Closes: #574086)
-- Balint Reczey <email address hidden> Thu, 01 Apr 2010 11:11:37 +0100
-
wireshark (1.2.6-5) unstable; urgency=low
* disable OID resolution in default configuration (Closes: #568050)
-- Balint Reczey <email address hidden> Tue, 02 Mar 2010 19:38:07 +0100
-
wireshark (1.2.6-3) unstable; urgency=low
* falling back to setting set-user-id bit if using Linux Capabilities fails
(Closes: #570193)
-- Balint Reczey <email address hidden> Wed, 17 Feb 2010 11:29:56 +0100
-
wireshark (1.2.6-1) unstable; urgency=high
* New upstream release 1.2.6
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.6.html
- security fixes
- Babi discovered several buffer overflows in the LWRES dissector.
(No assigned CVE number.)
(Closes: #565744)
* [Debconf translation updates]
- Brazilian Portuguese (Rafael Henrique da Silva Correia).
(Closes: #565306)
* remove dependency on libsnmp-base
* suggest snmp-mibs-downloader instead of libsmi2-common
-- Balint Reczey <email address hidden> Fri, 15 Jan 2010 21:51:34 +0100
-
wireshark (1.2.5-1) unstable; urgency=high
* New upstream release 1.2.5
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.5.html
- security fixes
- The Daintree SNA file parser could overflow a buffer.
(No assigned CVE number.)
- The SMB and SMB2 dissectors could crash. (No assigned CVE number.)
- The IPMI dissector could crash on Windows. (No assigned CVE number.)
* fix FTBS because of missing idl2deb.dbk (Closes: #560553)
* suggest solutions on missing MIBs popup (Closes: #560727)
* restrict watch check to stable versions
* change source package format to 3.0 (quilt)
* new maintainer is Balint Reczey
-- Balint Reczey <email address hidden> Fri, 11 Dec 2009 16:29:01 +0100
-
wireshark (1.2.4-3) unstable; urgency=low
* depend on libsnmp-base instead of libsmi2-common (Closes: #557626)
* libsmi2-common is just suggested by wireshark-common from now
* build-depend on python-ply
-- Balint Reczey <email address hidden> Mon, 23 Nov 2009 10:38:21 +0100
-
wireshark (1.2.4-2) unstable; urgency=low
[ Jakub Wilk ]
* import lex from ply in asn2wrs (Closes: #554613)
-- Balint Reczey <email address hidden> Thu, 19 Nov 2009 23:29:24 +0100
-
wireshark (1.2.2-1) unstable; urgency=high
* New upstream release 1.2.2
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
- security fixes
- The GSM A RR dissector could crash. (CVE-2009-3242)
- The OpcUa dissector could use excessive CPU and memory. (CVE-2009-3241)
- The TLS dissector could crash on some platforms.
(Closes: #547704)
* dropped sigpipe patch as it has been integrated upstream
* debian/{control,rules}: add and enable hardened build for PIE
Thanks to Kees Cook <email address hidden> for the patch. (Closes: #542736)
* update standards-version to 3.8.3
* applied dumpcap patch that was added to source package in 1.0.7-1
but was not applied during build
-- Balint Reczey <email address hidden> Fri, 28 Aug 2009 00:44:22 +0200
-
wireshark (1.2.1-2) unstable; urgency=low
* added option to install dumpcap with setuid root
* removed wireshark-root.desktop to discourage running Wireshark as root
* dropped umask patch
-- Balint Reczey <email address hidden> Tue, 28 Jul 2009 18:30:03 +0200
-
wireshark (1.2.1-1) unstable; urgency=high
* New upstream release 1.2.1
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html
- security fixes
- The IPMI dissector could overrun a buffer. (CVE-2009-2559)
- The AFS dissector could crash. (CVE-2009-2562)
- The Infiniband dissector could crash on some platforms. (CVE-2009-2563)
- The Bluetooth L2CAP dissector could crash. (CVE-2009-2560)
- The RADIUS dissector could crash. (CVE-2009-2560)
- The MIOP dissector could crash. (CVE-2009-2560)
- The sFlow dissector could use excessive CPU and memory. (CVE-2009-2561)
(Closes: #538237)
* dropped gnutls pkg-config patch as it has been integrated upstream
* include asn2wrs.py (Closes: #518441)
* fix inclusion of Python modules wireshark_be.py and wireshark_gen.py
* updated idl2deb (Closes: #470316)
Thanks to W. Borgert for the patch.
* override lintian warning binary-or-shlib-defines-rpath
* update standards-version to 3.8.2
-- Balint Reczey <email address hidden> Tue, 14 Jul 2009 20:01:56 +0200
-
wireshark (1.2.0-1) unstable; urgency=low
* New upstream release 1.2.0
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.2.0.html
(Closes: #487613, #520884, #482545, #376405, #512298)
* use c-ares instead of adns (Closes: #427928, #411265)
* depend on libgeoip1 to make use of brand new GeoIP support in 1.2.0
* added description for 09_idl2wrs.dpatch
* recommend menu instead of gksu (Closes: #524360)
* dropped Clique RM dissector patch as it is still not integrated upstream
* depend on libsmi2-common
-- Balint Reczey <email address hidden> Tue, 30 Jun 2009 20:48:16 -0700
-
wireshark (1.0.8-1) unstable; urgency=low
* New upstream release 1.0.8
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.0.8.html
- security fixes:
- The PCNFSD dissector could crash.(No assigned CVE number.)
* add README.source (Closes: #524364)
* removed wireshark-dev's dependency on removed omniidl package
-- Balint Reczey <email address hidden> Fri, 26 Jun 2009 20:31:26 -0700
-
wireshark (1.0.7-1) unstable; urgency=low
* New upstream release 1.0.7
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.0.7.html
- security fixes:
- The PROFINET dissector was vulnerable to a format string
overflow. (CVE-2009-1210)
- The LDAP dissector could crash on Windows. (CVE-2009-1267)
- The Check Point High-Availability Protocol (CPHAP) dissector
could crash. (CVE-2009-1268)
- Wireshark could crash while loading a Tektronix .rf5 file
(CVE-2009-1269)
* update standards-version to 3.8.1
* add 21_dumpcap.dpatch with patch from Rob Leslie <email address hidden>
that should avoid dumpcap seeing stop on CTRL-C as an error
(Closes: #518435)
-- Joost Yervante Damad <email address hidden> Sat, 11 Apr 2009 10:06:45 +0200
-
wireshark (1.0.6-1) unstable; urgency=low
* new upstream release 1.0.6
- release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.0.6.html
- security fixes:
- On non-Windows systems, Wireshark could crash if the HOME
environment variable contained sprintf-style string
formatting characters
- Wireshark could crash while reading a malformed NetScreen
snoop file
- Wireshark could crash while reading a Tektronix K12 text
capture file
* add 20_sigpipe patch from ubuntu, which restores the default
sigpipe action, meaning that the app won't hang under gksu
(Closes: #478169)
-- Joost Yervante Damad <email address hidden> Sat, 07 Feb 2009 15:35:10 +0100
