wireshark 1.0.0-1 source package in Ubuntu

Changelog

wireshark (1.0.0-1) unstable; urgency=low

  * Several security issues were solved in 0.99.7 already:
    (closes: #452381)
    * allow remote attackers to cause a denial of service (crash) via (1) a
      crafted MP3 file or (2) unspecified vectors to the NCP dissector
      (CVE-2007-6111)
    * Buffer overflow in the PPP dissector Wireshark (formerly Ethereal)
      0.99.6 allows remote attackers to cause a denial of service (crash)
      and possibly execute arbitrary code via unknown vectors.
      (CVE-2007-6112)
    * Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote
      attackers to cause a denial of service (long loop) via a malformed DNP
      packet (CVE-2007-6113)
    * Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0
      through 0.99.6 allow remote attackers to cause a denial of service
      (crash) and possibly execute arbitrary code via (1) the SSL dissector
      or (2) the iSeries (OS/400) Communication trace file parser
      (CVE-2007-6114)
    * Buffer overflow in the ANSI MAP dissector for Wireshark (formerly
      Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms,
      allows remote attackers to cause a denial of service and possibly
      execute arbitrary code via unknown vectors. (CVE-2007-6115)
    * The Firebird/Interbase dissector in Wireshark (formerly Ethereal)
      0.99.6 allows remote attackers to cause a denial of service (infinite
      loop or crash) via unknown vectors. (CVE-2007-6116)
    * Unspecified vulnerability in the HTTP dissector for Wireshark
      (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote
      attack vectors related to chunked messages. (CVE-2007-6117)
    * The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6
      allows remote attackers to cause a denial of service (long loop and
      resource consumption) via unknown vectors. (CVE-2007-6118)
    * The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows
      remote attackers to cause a denial of service (long loop and resource
      consumption) via unknown vectors. (CVE-2007-6119)
    * The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to
      0.99.6 allows remote attackers to cause a denial of service (infinite
      loop) via unknown vectors. (CVE-2007-6120)
    * Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers
      to cause a denial of service (crash) via a malformed RPC Portmap
      packet. (CVE-2007-6121)
  * current wireshark has SSL support (closes: #172939)
  * and H323 support (closes: #117201)
  * resizing columns bugfix was applied last year (closes: #369044)
  * new upstream release 1.0.0
    http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html
  * remove debian/ directory from upstream
  * update 14_disable-cmip.dpatch.
  * if wireshark has no priv, it now prints:
      dumpcap: There are no interfaces on which a capture can be done
      (closes: #468400)
  * wireshark uses su-to-root now (closes: #472478)
  * vulnerabilities fixed:
    * The X.509sat and other dissector could crash (CVE-2008-1561)
    * The LDAP dissector could crash on Windows and other platforms.
      (CVE-2008-1562)
    * The SCCP dissector could crash while using the "decode as"
      feature (CVE-2008-1563)

 -- Stephan Hermann <email address hidden>   Thu,  03 Apr 2008 13:45:15 +0100