Date: Tue, 5 May 2009 23:52:32 +0400 (MSD) From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/134245: [vuxml] net/wireshark: document security issues fixed in 1.0.7 Message-ID: <20090505195232.8D36A1725F@amnesiac.at.no.dns> Resent-Message-ID: <200905052110.n45LA365089012@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 134245 >Category: ports >Synopsis: [vuxml] net/wireshark: document security issues fixed in 1.0.7 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue May 05 21:10:02 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 8.0-CURRENT amd64 >Organization: Code Labs >Environment: System: FreeBSD 8.0-CURRENT amd64 >Description: 3 vulnerabilities (and one concerning Windows, but I'm not counting it here) were fixed in wireshark 1.0.7: [1], [2]. >How-To-Repeat: [1] http://www.wireshark.org/docs/relnotes/wireshark-1.0.7.html [2] http://www.wireshark.org/security/wnpa-sec-2009-02.html >Fix: Port was already updated, we're fine here. The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- <vuln vid="defce068-39aa-11de-a493-001b77d09812"> <topic>wireshark -- multiple vulnerabilities</topic> <affects> <package> <name>wireshark</name> <name>wireshark-lite</name> <range><ge>0.99.6</ge><lt>1.0.7</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>Wireshark team reports:</p> <blockquote cite="http://www.wireshark.org/security/wnpa-sec-2009-02.html">; <p>Wireshark 1.0.7 fixes the following vulnerabilities:</p> <ul> <li>The PROFINET dissector was vulnerable to a format string overflow. (Bug 3382) Versions affected: 0.99.6 to 1.0.6, CVE-2009-1210.</li> <li>The Check Point High-Availability Protocol (CPHAP) dissector could crash. (Bug 3269) Versions affected: 0.9.6 to 1.0.6; CVE-2009-1268.</li> <li>Wireshark could crash while loading a Tektronix .rf5 file. (Bug 3366) Versions affected: 0.99.6 to 1.0.6, CVE-2009-1269.</li> </ul> </blockquote> </body> </description> <references> <cvename>CVE-2009-1210</cvename> <cvename>CVE-2009-1268</cvename> <cvename>CVE-2009-1269</cvename> <bid>34291</bid> <bid>34457</bid> <url>http://www.wireshark.org/security/wnpa-sec-2009-02.html</url>; </references> <dates> <discovery>2009-04-06</discovery> <entry>TODAY</entry> </dates> </vuln> --- vuln.xml ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090505195232.8D36A1725F>