From owner-svn-ports-head@FreeBSD.ORG Sat Aug 18 02:30:29 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 40D8F106566B; Sat, 18 Aug 2012 02:30:29 +0000 (UTC) (envelope-from wxs@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 2AD048FC14; Sat, 18 Aug 2012 02:30:29 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7I2UTmg057524; Sat, 18 Aug 2012 02:30:29 GMT (envelope-from wxs@svn.freebsd.org) Received: (from wxs@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7I2USGb057522; Sat, 18 Aug 2012 02:30:28 GMT (envelope-from wxs@svn.freebsd.org) Message-Id: <201208180230.q7I2USGb057522@svn.freebsd.org> From: Wesley Shields Date: Sat, 18 Aug 2012 02:30:28 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r302701 - head/security/vuxml X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Aug 2012 02:30:29 -0000 Author: wxs Date: Sat Aug 18 02:30:28 2012 New Revision: 302701 URL: http://svn.freebsd.org/changeset/ports/302701 Log: Document multiple wireshark vulnerabilities. Two are from 1.8.1 (CVE-2012-4048 and CVE-2012-4049). The remaining are from 1.8.2 which is not in ports yet. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Aug 18 01:25:12 2012 (r302700) +++ head/security/vuxml/vuln.xml Sat Aug 18 02:30:28 2012 (r302701) @@ -52,6 +52,93 @@ Note: Please add new entries to the beg --> + + Wireshark -- Multiple vulnerabilities + + + wireshark + 1.8.2 + + + wireshark-lite + 1.8.2 + + + tshark + 1.8.2 + + + tshark-lite + 1.8.2 + + + + +

Wireshark reports:

+
It may be possible to make Wireshark crash by injecting a + malformed packet onto the wire or by convincing someone to read a + malformed packet trace file.
+
It may be possible to make Wireshark consume excessive CPU + resources by injecting a malformed packet onto the wire or by + convincing someone to read a malformed packet trace file.
+
The PPP dissector could crash.
+
The NFS dissector could use excessive amounts of CPU.
+
The DCP ETSI dissector could trigger a zero division.
+
The MongoDB dissector could go into a large loop.
+
The XTP dissector could go into an infinite loop.
+
The ERF dissector could overflow a buffer.
+
The AFP dissector could go into a large loop.
+
The RTPS2 dissector could overflow a buffer.
+
The GSM RLC MAC dissector could overflow a buffer.
+
The CIP dissector could exhaust system memory.
+
The STUN dissector could crash.
+
The EtherCAT Mailbox dissector could abort.
+
The CTDB dissector could go into a large loop.
+
The pcap-ng file parser could trigger a zero division.
+
The Ixia IxVeriWave file parser could overflow a buffer.
+

+ + + + CVE-2012-4048 + CVE-2012-4049 + CVE-2012-4285 + CVE-2012-4286 + CVE-2012-4287 + CVE-2012-4288 + CVE-2012-4289 + CVE-2012-4290 + CVE-2012-4291 + CVE-2012-4292 + CVE-2012-4293 + CVE-2012-4294 + CVE-2012-4295 + CVE-2012-4296 + CVE-2012-4297 + CVE-2012-4298 + http://www.wireshark.org/security/wnpa-sec-2012-11.html + http://www.wireshark.org/security/wnpa-sec-2012-12.html + http://www.wireshark.org/security/wnpa-sec-2012-13.html + http://www.wireshark.org/security/wnpa-sec-2012-14.html + http://www.wireshark.org/security/wnpa-sec-2012-15.html + http://www.wireshark.org/security/wnpa-sec-2012-16.html + http://www.wireshark.org/security/wnpa-sec-2012-17.html + http://www.wireshark.org/security/wnpa-sec-2012-18.html + http://www.wireshark.org/security/wnpa-sec-2012-19.html + http://www.wireshark.org/security/wnpa-sec-2012-20.html + http://www.wireshark.org/security/wnpa-sec-2012-21.html + http://www.wireshark.org/security/wnpa-sec-2012-22.html + http://www.wireshark.org/security/wnpa-sec-2012-23.html + http://www.wireshark.org/security/wnpa-sec-2012-24.html + http://www.wireshark.org/security/wnpa-sec-2012-25.html + + + 2012-07-22 + 2012-08-18 + + + databases/postgresql*-server -- multiple vulnerabilities