Ubuntu
tcpdump package

please merge tcpdump from debian

Bug #1397558 reported by Gianfranco Costamagna
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tcpdump (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

debdiff attached

note: 4 CVEs fixed.

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

abd CVE-9140

Gianfranco Costamagna (costamagnagianfranco)
information type: Private Security → Public Security
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tcpdump - 4.6.2-3ubuntu1

---------------
tcpdump (4.6.2-3ubuntu1) vivid; urgency=low

  * Merge from Debian unstable (LP: #1397558). Remaining changes:
  * debian/control:
    - Build-Depends on dh-apparmor.
    - Suggests apparmor
  * debian/README.Debian, debian/tcpdump.dirs, debian/usr.sbin.tcpdump,
    debian/patches/patches/90_man_apparmor.diff,
    debian/install, debian/rules:
    - Install enforcing AppArmor profile.
  * debian/usr.sbin.tcpdump: allow capability net_admin to support '-j'. Patch
    thanks to Graeme Hewson. (LP: #1229664)

tcpdump (4.6.2-3) unstable; urgency=high

  * Cherry-pick commit 0f95d441e4 from upstream Git to fix a buffer overflow
    in the PPP dissector (CVE-2014-9140).

tcpdump (4.6.2-2) unstable; urgency=high

  * Urgency high due to security fixes.
  * Add three patches extracted from various upstream commits fixing
    vulnerabilities in three dissectors:
    + CVE-2014-8767: missing bounds checks in OLSR dissector (closes: #770434).
    + CVE-2014-8768: missing bounds checks in Geonet dissector
      (closes: #770415).
    + CVE-2014-8769: missing bounds checks in AOVD dissector (closes: #770424).
 -- Gianfranco Costamagna <email address hidden> Sat, 29 Nov 2014 17:52:14 +0100

Changed in tcpdump (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.