[Buildroot] [PATCH] package/wireshark: security bump to version 4.0.6
Peter Korsgaard
peter at korsgaard.com
Sun Jul 16 09:14:21 UTC 2023
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2023-1992: The RPC over RDMA dissector could crash
> https://www.wireshark.org/security/wnpa-sec-2023-09.html
> - CVE-2023-1993: The LISP dissector could go into a large loop
> https://www.wireshark.org/security/wnpa-sec-2023-10.html
> - CVE-2023-1994: The GQUIC dissector could crash
> https://www.wireshark.org/security/wnpa-sec-2023-11.html
> - CVE-2023-2855: The Candump log file parser could crash
> https://www.wireshark.org/security/wnpa-sec-2023-12.html
> - CVE-2023-2857: The BLF file parser could crash
> https://www.wireshark.org/security/wnpa-sec-2023-13.html
> - The GDSDB dissector could go into an infinite loop
> https://www.wireshark.org/security/wnpa-sec-2023-14.html
> - CVE-2023-2858: The NetScaler file parser could crash
> https://www.wireshark.org/security/wnpa-sec-2023-15.html
> - CVE-2023-2856: The VMS TCPIPtrace file parser could crash
> https://www.wireshark.org/security/wnpa-sec-2023-16.html
> - CVE-2023-2854: The BLF file parser could crash
> https://www.wireshark.org/security/wnpa-sec-2023-17.html
> - CVE-2023-0666: The RTPS dissector could crash
> https://www.wireshark.org/security/wnpa-sec-2023-18.html
> - CVE-2023-0668: The IEEE C37.118 Synchrophasor dissector could crash
> https://www.wireshark.org/security/wnpa-sec-2023-19.html
> - The XRA dissector could go into an infinite loo
> https://www.wireshark.org/security/wnpa-sec-2023-20.html
> The SIGNATURES-4.0.6.txt file seems to be corrupted, so instead refer to the
> announcement mail. Issue reported upstream:
> https://gitlab.com/wireshark/wireshark/-/issues/19169
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2023.02.x and 2023.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list