oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 20 May 2013 12:55:31 -0400 (EDT)
Hello Kurt, Steve, vendors,

  Wireshark upstream has released 1.8.7, 1.6.15 versions,
correcting multiple security flaws:

1) http://www.wireshark.org/security/wnpa-sec-2013-31.html
   https://bugzilla.redhat.com/show_bug.cgi?id=965110

2) http://www.wireshark.org/security/wnpa-sec-2013-30.html
   https://bugzilla.redhat.com/show_bug.cgi?id=965111

3) http://www.wireshark.org/security/wnpa-sec-2013-29.html
   https://bugzilla.redhat.com/show_bug.cgi?id=965112

4) http://www.wireshark.org/security/wnpa-sec-2013-28.html
   https://bugzilla.redhat.com/show_bug.cgi?id=965186

5) http://www.wireshark.org/security/wnpa-sec-2013-27.html
   https://bugzilla.redhat.com/show_bug.cgi?id=965190

6) http://www.wireshark.org/security/wnpa-sec-2013-26.html
   https://bugzilla.redhat.com/show_bug.cgi?id=965192

7) http://www.wireshark.org/security/wnpa-sec-2013-25.html
   https://bugzilla.redhat.com/show_bug.cgi?id=965193

8) http://www.wireshark.org/security/wnpa-sec-2013-24.html
   https://bugzilla.redhat.com/show_bug.cgi?id=965194

9) http://www.wireshark.org/security/wnpa-sec-2013-23.html
   https://bugzilla.redhat.com/show_bug.cgi?id=965195

   Further Note regarding 9):
   The CVE-2013-2486 && CVE-2013-2487 identifiers
   have been originally assigned for the 9) issue for the
   fix in v1.8.6. The patch should contain two patches,
   but only one was applied. Not sure if a new CVE identifier
   should be assigned for this case.

Could you allocate CVE identifiers for these?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: