Format: 1.8
Date: Wed, 29 Oct 2008 22:31:07 +0200
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev
Architecture: lpia
Version: 1.0.3-1ubuntu2.1
Distribution: intrepid
Urgency: low
Maintainer: Ubuntu/lpia Build Daemon
Changed-By: Stefan Lesicnik
Description:
 tshark - network traffic analyzer (console)
 wireshark - network traffic analyzer
 wireshark-common - network traffic analyser (common files)
 wireshark-dev - network traffic analyser (development tools)
Changes:
 wireshark (1.0.3-1ubuntu2.1) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: packet-usb.c in the USB dissector in Wireshark 0.99.7
     through 1.0.3 allows remote attackers to cause a denial of service
     (application crash or abort) via a malformed USB Request Block (URB).
     (LP #290716)
     - debian/patches/30_CVE-2008-4680.dpatch
     - Properly initialise data structures in packet-usb.c - Gerald Combs.
     - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
     - Revision: 26333
     - CVE-2008-4680
   * SECURITY UPDATE: Unspecified vulnerability in the Bluetooth RFCOMM
     dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to
     cause a denial of service (application crash or abort) via unknown
     packets. (LP #290716)
     - debian/patches/31_CVE-2008-4681.dpatch
     - Properly initialise data structures in btrfcomm.c - Gerald Combs.
     - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
     - Revision: 26333
     - CVE-2008-4681
   * SECURITY UPDATE: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote
     attackers to cause a denial of service (application abort) via a
     malformed Tamos CommView capture file (aka .ncf file) with an
     "unknown/unexpected packet type" that triggers a failed assertion.
     (LP #290716)
     - debian/patches/32_CVE-2008-4682.dpatch
     - Return an error if it finds an unknown/unexpected packet type -
       Jeff Morris.
     - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
     - Revision: 26327
     - CVE-2008-4682
   * SECURITY UPDATE: The dissect_btacl function in packet-bthci_acl.c in the
     Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote
     attackers to cause a denial of service (application crash or abort) via
     a packet with an invalid length, related to an erroneous tvb_memcpy
     call. (LP #290716)
     - debian/patches/33_CVE-2008-4683.dpatch
     - buffer check to prevent overflow - Jeff Morris.
     - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
     - Revision: 25195
     - Included patch not listed by CVE to prevent memory overflow in
       bluetooth dissector - Jeff Morris.
     - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
     - Revision: 25196
     - CVE-2008-4683
   * SECURITY UPDATE: packet-frame in Wireshark 0.99.2 through 1.0.3 does not
     properly handle exceptions thrown by post dissectors, which allows
     remote attackers to cause a denial of service (application crash) via a
     certain series of packets, as demonstrated by enabling the (1) PRP or
     (2) MATE post dissector. (LP #290716)
     - debian/patches/34_CVE-2008-4684.dpatch
     - Catch errors given post dissectors - Jeff Morris, wmeier
     - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
     - Revision: 25339, 25342, 25344
     - CVE-2008-4684
   * SECURITY UPDATE: Use-after-free vulnerability in the
     dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector
     in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a
     denial of service (application crash or abort) via certain packets that
     trigger an exception. (LP #290716)
     - debian/patches/35_CVE-2008-4685.dpatch
     - Wrap dissect_q931_cause_ie() in which clears the have_valid_q931_pi
       semaphore - Jaap Keuter.
     - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
     - Revision: 26190
     - CVE-2008-4685
Original-Maintainer: Frederic Peters