svn commit: r453196 - head/security/vuxml

Steve Wills swills at FreeBSD.org
Mon Oct 30 16:57:56 UTC 2017 

Author: swills
Date: Mon Oct 30 16:57:55 2017
New Revision: 453196
URL: https://svnweb.freebsd.org/changeset/ports/453196

Log:
  Document wireshark issues

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon Oct 30 16:55:26 2017	(r453195)
+++ head/security/vuxml/vuln.xml	Mon Oct 30 16:57:55 2017	(r453196)
@@ -58,6 +58,65 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="4684a426-774d-4390-aa19-b8dd481c4c94">
+    <topic>wireshark -- multiple security issues</topic>
+    <affects>
+      <package>
+	<name>wireshark</name>
+	<range><ge>2.2.0</ge><le>2.2.9</le></range>
+	<range><ge>2.4.0</ge><le>2.4.1</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>wireshark developers reports:</p>
+	<blockquote cite="http://www.securityfocus.com/bid/101228">
+	  <p>In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.</p>
+	  <p>In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.</p>
+	  <p>In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.</p>
+	  <p>In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.</p>
+	  <p>In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.securityfocus.com/bid/101227</url>
+      <url>http://www.securityfocus.com/bid/101228</url>
+      <url>http://www.securityfocus.com/bid/101229</url>
+      <url>http://www.securityfocus.com/bid/101235</url>
+      <url>http://www.securityfocus.com/bid/101240</url>
+      <url>https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049</url>
+      <url>https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056</url>
+      <url>https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068</url>
+      <url>https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077</url>
+      <url>https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080</url>
+      <url>https://code.wireshark.org/review/23470</url>
+      <url>https://code.wireshark.org/review/23537</url>
+      <url>https://code.wireshark.org/review/23591</url>
+      <url>https://code.wireshark.org/review/23635</url>
+      <url>https://code.wireshark.org/review/23663</url>
+      <url>https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3689dc1db36037436b1616715f9a3f888fc9a0f6</url>
+      <url>https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8</url>
+      <url>https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8dbb21dfde14221dab09b6b9c7719b9067c1f06e</url>
+      <url>https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afb9ff7982971aba6e42472de0db4c1bedfc641b</url>
+      <url>https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0</url>
+      <url>https://www.wireshark.org/security/wnpa-sec-2017-42.html</url>
+      <url>https://www.wireshark.org/security/wnpa-sec-2017-43.html</url>
+      <url>https://www.wireshark.org/security/wnpa-sec-2017-44.html</url>
+      <url>https://www.wireshark.org/security/wnpa-sec-2017-45.html</url>
+      <url>https://www.wireshark.org/security/wnpa-sec-2017-46.html</url>
+      <cvename>CVE-2017-15189</cvename>
+      <cvename>CVE-2017-15190</cvename>
+      <cvename>CVE-2017-15191</cvename>
+      <cvename>CVE-2017-15192</cvename>
+      <cvename>CVE-2017-15193</cvename>
+    </references>
+    <dates>
+      <discovery>2017-10-10</discovery>
+      <entry>2017-10-30</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="de7a2b32-bd7d-11e7-b627-d43d7e971a1b">
     <topic>PHP -- denial of service attack</topic>
     <affects>

More information about the svn-ports-head mailing list