wireshark 0.99.6rel-3ubuntu0.1 source package in Ubuntu

Changelog

wireshark (0.99.6rel-3ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #164501)
    + CVE-2007-6121: Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows
      remote attackers to cause a denial of service (crash) via a malformed RPC
      Portmap packet.
    + CVE-2007-6120: The Bluetooth SDP dissector Wireshark (formerly Ethereal)
      0.99.2 to 0.99.6 allows remote attackers to cause a denial of service
      (infinite loop) via unknown vectors.
    + CVE-2007-6117: Unspecified vulnerability in the HTTP dissector for
      Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote
      attack vectors related to chunked messages.
    + CVE-2007-6114: Multiple buffer overflows in Wireshark (formerly
      Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of
      service (crash) and possibly execute arbitrary code via (1) the SSL dissector
      or (2) the iSeries (OS/400) Communication trace file parser.
    + CVE-2007-6113: Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows
      remote attackers to cause a denial of service (long loop) via a malformed DNP
      packet.
    + CVE-2007-6119: The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6
      allows remote attackers to cause a denial of service (long loop and
      resource consumption) via unknown vectors.
    + CVE-2007-6118: The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to
      0.99.6 allows remote attackers to cause a denial of service (long loop and
      resource consumption) via unknown vectors.
    + CVE-2007-6116: The Firebird/Interbase dissector in Wireshark (formerly Ethereal)
      0.99.6 allows remote attackers to cause a denial of service (infinite loop
      or crash) via unknown vectors.
    + CVE-2007-6115: Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal)
      0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause
      a denial of service and possibly execute arbitrary code via unknown vectors.
    + CVE-2007-6112: Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6
      allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
      code via unknown vectors.
    + CVE-2007-6111: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow
      remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or
      (2) unspecified vectors to the NCP dissector.
  * debian/patches/13_CVE-2007-6121.dpatch:
    - Applied patch by upstream
    - Link: http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1132
  * debian/patches/13_CVE-2007-6120.dpatch:
    - Applied patch by upstream
    - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-btsdp.c?r1=21431&r2=23496&view=patch
  * debian/patches/13_CVE-2007-6117.dpatch:
    - Applied patch by upstream
    - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-http.c?r1=22515&r2=23415&view=patch
  * debian/patches/13_CVE-2007-6114.dpatch:
    - Applied patch by upstream
    - Link 1: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ssl-utils.h?r1=21445&r2=22883&view=patch
    - Link 2: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ssl.c?r1=22625&r2=22883&view=patch
    - Link 3: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/wiretap/iseries.c?r1=23000&r2=23232&view=patch
  * debian/patches/13_CVE-2007-6113.dpatch:
    - Applied patch by upstream
    - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-dnp.c?r1=22764&r2=22811&view=patch
  * debian/patches/13_CVE-2007-6119.dpatch:
    - Applied patch by upstream
    - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-dcp-etsi.c?r1=22542&r2=23463&view=patch
  * debian/patches/13_CVE-2007-6118.dpatch:
    - Applied patch by upstream
    - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-megaco.c?r1=23150&r2=23449&view=patch
  * debian/patches/13_CVE-2007-6116.dpatch:
    - Applied patch by upstream
    - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-gdsdb.c?r1=23211&r2=23251&view=patch
  * debian/patches/13_CVE-2007-6115.dpatch:
    - Applied patch by upstream
    - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ansi_map.c?r1=22866&r2=22892&view=patch
  * debian/patches/13_CVE-2007-6112.dpatch:
    - Applied patch by upstream
    - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ppp.c?r1=23252&r2=23475&view=patch
  * debian/patches/13_CVE-2007-6111.dpatch:
    - Applied patch by upstream
    - Link 1: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/wiretap/mpeg.c?r1=21489&r2=22261
    - Link 2: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ncp.c?r1=21167&r2=23252&view=patch
  * debian/control:
    - Updated Maintainer field following Ubuntu Maintainer Policy
  * References:
    CVE-2007-6121
    CVE-2007-6120
    CVE-2007-6117
    CVE-2007-6114
    CVE-2007-6113
    CVE-2007-6119
    CVE-2007-6118
    CVE-2007-6116
    CVE-2007-6115
    CVE-2007-6112
    CVE-2007-6111
    http://www.wireshark.org/security/wnpa-sec-2007-03.html

 -- Stephan Hermann <email address hidden>   Thu, 29 Nov 2007 13:58:59 +0100