wireshark 1.0.0-1ubuntu0.2 source package in Ubuntu

Changelog

wireshark (1.0.0-1ubuntu0.2) hardy-security; urgency=low

   * SECURITY UPDATE: packet-usb.c in the USB dissector in Wireshark 0.99.7
    through 1.0.3 allows remote attackers to cause a denial of service
    (application crash or abort) via a malformed USB Request Block (URB).
    (LP #290716)
    - debian/patches/30_CVE-2008-4680.dpatch - Properly initialise
      data structures in packet-usb.c - Gerald Combs.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26333
    - CVE-2008-4680
  * SECURITY UPDATE: Unspecified vulnerability in the Bluetooth RFCOMM
    dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers
    to cause a denial of service (application crash or abort) via unknown
    packets. (LP #290716)
    - debian/patches/31_CVE-2008-4681.dpatch - Properly initialise
      data structures in btrfcomm.c - Gerald Combs.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26333
    - CVE-2008-4681
  * SECURITY UPDATE: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote
    attackers to cause a denial of service (application abort) via a
    malformed Tamos CommView capture file (aka .ncf file) with an
    "unknown/unexpected packet type" that triggers a failed assertion.
    (LP #290716)
    - debian/patches/32_CVE-2008-4682.dpatch - Return an error if it
      finds an unknown/unexpected packet type - Jeff Morris.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26327
    - CVE-2008-4682
  * SECURITY UPDATE: The dissect_btacl function in packet-bthci_acl.c in the
    Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote
    attackers to cause a denial of service (application crash or abort) via
    a packet with an invalid length, related to an erroneous tvb_memcpy call.
    (LP #290716)
    - debian/patches/33_CVE-2008-4683.dpatch - buffer check to prevent
      overflow - Jeff Morris.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 25195
    - Included patch not listed by CVE to prevent memory overflow in
      bluetooth dissector - Jeff Morris.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 25196
    - CVE-2008-4683
  * SECURITY UPDATE: packet-frame in Wireshark 0.99.2 through 1.0.3 does not
    properly handle exceptions thrown by post dissectors, which allows
    remote attackers to cause a denial of service (application crash) via
    a certain series of packets, as demonstrated by enabling the (1) PRP
    or (2) MATE post dissector. (LP #290716)
    - debian/patches/34_CVE-2008-4684.dpatch - Catch errors given
      post dissectors - Jeff Morris, wmeier
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 25339, 25342, 25344
    - CVE-2008-4684
  * SECURITY UPDATE: Use-after-free vulnerability in the dissect_q931_cause_ie
    function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through
    1.0.3 allows remote attackers to cause a denial of service (application crash
    or abort) via certain packets that trigger an exception. (LP #290716)
    - debian/patches/35_CVE-2008-4685.dpatch - Wrap dissect_q931_cause_ie() in
      which clears the have_valid_q931_pi semaphore - Jaap Keuter.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26190
    - CVE-2008-4685

 -- Stefan Lesicnik <email address hidden>   Thu, 30 Oct 2008 13:17:54 +0200