Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 647
    • Issues 647
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 170
    • Merge Requests 170
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #1923

Closed
Open
Opened May 21, 2013 by Peter Kotcauer@kocka
  • Report abuse
  • New issue
Report abuse New issue

[v2.2] Wireshark 1.8.7 and 1.6.15 fixes several security issues

Wireshark upstream has released 1.8.7, 1.6.15 versions,
correcting multiple security flaws:

  1. http://www.wireshark.org/security/wnpa-sec-2013-31.html

Use CVE-2013-3561. Note that this CVE is shared with issues covered by
wnpa-sec-2013-30 and (part of) wnpa-sec-2013-29.

  1. http://www.wireshark.org/security/wnpa-sec-2013-30.html

Use CVE-2013-3561. Note that this CVE is shared with issues covered by
wnpa-sec-2013-31 and (part of) wnpa-sec-2013-29.

  1. http://www.wireshark.org/security/wnpa-sec-2013-29.html

Use CVE-2013-3561 for the Bug 8448 issue. Note that this CVE is shared
with issues covered by wnpa-sec-2013-30 and wnpa-sec-2013-31.

Use CVE-2013-3562 for the Bug 8449 issue.

  1. http://www.wireshark.org/security/wnpa-sec-2013-28.html

Use CVE-2013-3560.

  1. http://www.wireshark.org/security/wnpa-sec-2013-27.html

Use CVE-2013-3559.

  1. http://www.wireshark.org/security/wnpa-sec-2013-26.html

Use CVE-2013-3558.

  1. http://www.wireshark.org/security/wnpa-sec-2013-25.html

Use CVE-2013-3556 for the Bug 8599 issue addressed in r48943.

Use CVE-2013-3557 for the Bug 8599 issue addressed in r48944.

It is possible that CVE-2013-3556 only affects people who made their
own builds from the Wireshark trunk, and does not affect users of any
Wireshark release. Although MITRE does not always assign CVE names for
such development-code issues, in this case it is useful for clarifying
the scope of CVE-2013-3557.

  1. http://www.wireshark.org/security/wnpa-sec-2013-24.html

Use CVE-2013-3555.

  1. http://www.wireshark.org/security/wnpa-sec-2013-23.html

Further Note regarding 9):
The CVE-2013-2486 && CVE-2013-2487 identifiers
have been originally assigned for the 9) issue for the
fix in v1.8.6. The patch should contain two patches,
but only one was applied. Not sure if a new CVE identifier
should be assigned for this case.

See comment 13 in Wireshark bug 8364. CVE-2013-2486 is about revision
47805, and CVE-2013-2487 is about revision 47808 (an issue with a
different discoverer than 47805). MITRE will later publish an update
to the information about affected versions within our CVE-2013-2486
description.

(from redmine: issue id 1923, created on 2013-05-21, closed on 2013-05-22)

  • Relations:
    • parent #1918 (closed)
  • Changesets:
    • Revision c624044a by Natanael Copa on 2013-05-21T11:57:13Z:
main/wireshark: security upgrade to 1.6.15 (CVE-2013-3555,CVE-2013-3556,CVE-2013-3557,CVE-2013-3558,CVE-2013-3559,CVE-2013-3560,CVE-2013-3561,CVE-2013-3562)

fixes #1923
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
3
Labels
High tag:security type:bug
Assign labels
  • View project labels
Reference: alpine/aports#1923