From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Aug 31 20:00:25 2012 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 517E61065670 for ; Fri, 31 Aug 2012 20:00:25 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id DDDE68FC12 for ; Fri, 31 Aug 2012 20:00:24 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q7VK0Ost065339 for ; Fri, 31 Aug 2012 20:00:24 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q7VK0OrQ065338; Fri, 31 Aug 2012 20:00:24 GMT (envelope-from gnats) Resent-Date: Fri, 31 Aug 2012 20:00:24 GMT Resent-Message-Id: <201208312000.q7VK0OrQ065338@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Eygene Ryabinkin Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58D1C106566B; Fri, 31 Aug 2012 19:58:51 +0000 (UTC) (envelope-from rea@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.6.71]) by mx1.freebsd.org (Postfix) with ESMTP id 03B628FC14; Fri, 31 Aug 2012 19:58:50 +0000 (UTC) Received: from void.codelabs.ru (void.codelabs.ru [144.206.6.66]) by 0.mx.codelabs.ru with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) id 1T7XMe-0009l9-9L; Fri, 31 Aug 2012 23:58:50 +0400 Message-Id: <20120831195848.1EF62DA81F@void.codelabs.ru> Date: Fri, 31 Aug 2012 23:58:48 +0400 (MSK) From: Eygene Ryabinkin To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: simon@FreeBSD.org Subject: ports/171220: [vuxml][patch] net/wireshark: fix DoS in DRDA dissector X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eygene Ryabinkin List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Aug 2012 20:00:25 -0000 >Number: 171220 >Category: ports >Synopsis: [vuxml][patch] net/wireshark: fix DoS in DRDA dissector >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Aug 31 20:00:24 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 10.0-CURRENT amd64 >Organization: Code Labs >Environment: System: FreeBSD 10.0-CURRENT amd64 >Description: Wireshark's DRDA dissector is prone to the infinite loop problem if specially crafted traffic is fed into it [1]. >How-To-Repeat: [1] http://www.vuxml.org/freebsd/5415f1b3-f33d-11e1-8bd8-0022156e8794.html >Fix: The patch at http://codelabs.ru/fbsd/ports/wireshark/1.8.2-fix-cve-2012-3548.diff fixes the issue for me. Here is the quality assurance page: http://codelabs.ru/fbsd/ports/qa/net/wireshark/1.8.2_1 When you'll be updating the port, please, include the line {{{ Security: http://www.vuxml.org/freebsd/5415f1b3-f33d-11e1-8bd8-0022156e8794.html }}} into the commit log message. The version specification inside VuXML entry (security/vuxml/vuln.xml) should be changed from "1.9" to the port version that will receive the fix for this CVE. >Release-Note: >Audit-Trail: >Unformatted: