Wireshark mailing list archives
Re: Security issue being reported by the Secunia PSI scanner.
From: Richard Brooks <richardbuk () sky com>
Date: Thu, 7 Jan 2010 05:36:50 -0000
True, but if all it takes to put it right is to include the later version, then why not include the later version? Regards Richard <RichardBUK () Sky com> -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Bill Meier Sent: 06 January 2010 22:47 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Security issue being reported by the Secunia PSI scanner. Stephen Fisher wrote:
On Jan 6, 2010, at 3:20 PM, Richard Brooks wrote:Hello Bill, in my last email I neglected to add the Secunia report information you asked for.Your screenshots show that you're running Wireshark v1.2.5 with GTK+ 2.16.2. I don't see anything that says "security" in the release notes (news) for GTK+ from v2.16.2 -> the latest 2.16, which is 2.16.6: http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.6.news http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.5.news http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.4.news http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.3.news This is still something worth looking into. I see that GTK+ 2.18.x is the current stable maintained branch, while 2.16.x is "old" but "but in some respects more stable" (http://www.gtk.org/download- windows.html). Steve
Going one level deeper: It turns out the the Secunia Security ID which is being reported is SA37852: GTK+ "gdk_window_begin_implicit_paint()" Foreign Windows Weakness. http://secunia.com/advisories/37852/ Among other things the advisory says "fixed in GTK 2.18.5". The security level is reported as "not criotical" ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Security issue being reported by the Secunia PSI scanner. Richard Brooks (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Bill Meier (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Richard Brooks (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Richard Brooks (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Stephen Fisher (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Bill Meier (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Richard Brooks (Jan 06)
- Re: Security issue being reported by the SecuniaPSI scanner. Anders Broman (Jan 07)
- Re: Security issue being reported by the SecuniaPSI scanner. Richard Brooks (Jan 07)
- Re: Security issue being reported by the Secunia PSI scanner. Bill Meier (Jan 06)
- Re: Security issue being reported by the Secunia PSI scanner. Aaron Turner (Jan 06)