[v2.2] Wireshark 1.8.7 and 1.6.15 fixes several security issues
Wireshark upstream has released 1.8.7, 1.6.15 versions,
correcting multiple security flaws:
Use CVE-2013-3561. Note that this CVE is shared with issues covered by
wnpa-sec-2013-30 and (part of) wnpa-sec-2013-29.
Use CVE-2013-3561. Note that this CVE is shared with issues covered by
wnpa-sec-2013-31 and (part of) wnpa-sec-2013-29.
Use CVE-2013-3561 for the Bug 8448 issue. Note that this CVE is shared
with issues covered by wnpa-sec-2013-30 and wnpa-sec-2013-31.
Use CVE-2013-3562 for the Bug 8449 issue.
Use CVE-2013-3560.
Use CVE-2013-3559.
Use CVE-2013-3558.
Use CVE-2013-3556 for the Bug 8599 issue addressed in r48943.
Use CVE-2013-3557 for the Bug 8599 issue addressed in r48944.
It is possible that CVE-2013-3556 only affects people who made their
own builds from the Wireshark trunk, and does not affect users of any
Wireshark release. Although MITRE does not always assign CVE names for
such development-code issues, in this case it is useful for clarifying
the scope of CVE-2013-3557.
Use CVE-2013-3555.
Further Note regarding 9):
The CVE-2013-2486 && CVE-2013-2487 identifiers
have been originally assigned for the 9) issue for the
fix in v1.8.6. The patch should contain two patches,
but only one was applied. Not sure if a new CVE identifier
should be assigned for this case.
See comment 13 in Wireshark bug 8364. CVE-2013-2486 is about revision
47805, and CVE-2013-2487 is about revision 47808 (an issue with a
different discoverer than 47805). MITRE will later publish an update
to the information about affected versions within our CVE-2013-2486
description.
(from redmine: issue id 1923, created on 2013-05-21, closed on 2013-05-22)
- Relations:
- parent #1918 (closed)
- Changesets:
- Revision c624044a by Natanael Copa on 2013-05-21T11:57:13Z:
main/wireshark: security upgrade to 1.6.15 (CVE-2013-3555,CVE-2013-3556,CVE-2013-3557,CVE-2013-3558,CVE-2013-3559,CVE-2013-3560,CVE-2013-3561,CVE-2013-3562)
fixes #1923