- Thu Aug 9 2012 luigiwalser <luigiwalser> 1.4.14-1.mga1
+ Revision: 280184
- 1.4.14 (fixes CVE-2012-4048 and CVE-2012-4049)
+ doktor5000
- new security/bugfix release 1.4.13
o Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3,
LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti
(http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392])
o The DIAMETER dissector could try to allocate memory improperly and crash
(http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393])
o Wireshark could crash on SPARC processors due to misaligned memory.
Discovered by Klaus Heckelmann
(http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394])
o fixes 4 various other bugs (not security-related)
- new security/bugfix release 1.4.12
o The ANSI A dissector could dereference a NULL pointer and crash
( http://www.wireshark.org/security/wnpa-sec-2012-04.html )
o The pcap and pcap-ng file parsers could crash trying to read ERF data
( http://www.wireshark.org/security/wnpa-sec-2012-06.html )
o The MP2T dissector could try to allocate too much memory and crash
( http://www.wireshark.org/security/wnpa-sec-2012-07.html )
o fixes 13 various other bugs (not security-related)
- new security/bugfix release 1.4.11
o fixes multiple file parser vulnerabilities
( http://www.wireshark.org/security/wnpa-sec-2012-01.html )
o fixes multiple NULL pointer vulnerabilities
( http://www.wireshark.org/security/wnpa-sec-2012-02.html )
o fixes an RLC dissector buffer overflow
( http://www.wireshark.org/security/wnpa-sec-2012-03.html )
o fixes 27 various other bugs (not security-related)
- new security/bugfix release 1.4.10
o fixes CVE-2011-4101, Infiniband dissector could dereference a NULL
pointer through a malformed package, leading to a segfault
o fixes CVE-2011-1957, large/infinite loop in the DICOM dissector
o fixes CVE-2011-1958, corrupt Diameter dictionary file could crash Wireshark
o fixes CVE-2011-1959, corrupted snoop file could crash Wireshark
o fixes CVE-2011-2174, malformed compressed capture data could crash Wireshark
o fixes CVE-2011-2175, corrupted Visual Networks file could crash Wireshark
o fixes CVE-2011-2597, the Lucent/Ascend file parser was susceptible to an
infinite loop
o fixes CVE-2011-2698, the ANSI MAP dissector was susceptible to an infinite
loop
o fixes 71 various other bugs (not security-related)
- dropped CVE-2011-3360.patch, CVE-2011-3483.patch, CVE-2011-3266.patch
CVE-2011-4102 (already fixed in 1.4.10)
- rediffed skip_disabled_function_when_running_as_root.patch
- fix CVE-2011-4102, buffer overflow in the ERF file reader through a malformed
packet trace file (upstream, wireshark-1.4.6-mga-CVE-2011-4102.patch)
- remove obsolete empty %defattrs and %clean section
- fix CVE-2011-3266, denial of service through a malformed IKEv1 packet causing
excessive resource usage (upstream, wireshark-1.4.6-mga-CVE-2011-3266.patch)
- fixed CVE-2011-3360, untrusted search path vulnerability allowing local users
to gain privileges via a Trojan horse Lua script in an unspecified directory
(from upstream)
- fixed CVE-2011-3483, denial of service (application crash) via a malformed
capture file that leads to an invalid root tvbuff, related to a
buffer exception handling vulnerability (from upstream)
- added improve_lua_error_messages.patch, improves error messages when calling
disabled lua functions when run as root, partial fix for (mga#2352)
- added skip_disabled_function_when_running_as_root.patch, skips disabled
dofile function call when run as root, removes error message (mga#2352) - Wed Apr 27 2011 wally <wally> 1.4.6-2.mga1
+ Revision: 92025
- fix desktop file names (mga#954)
- drop buildroot definition - Wed Apr 20 2011 pterjan <pterjan> 1.4.6-1.mga1
+ Revision: 88879
- Update to 1.4.6
+ ennael
- clean spec file - Fri Mar 4 2011 pterjan <pterjan> 1.4.4-1.mga1
+ Revision: 64182
- Drop plenty of old stuff
- imported package wireshark