Date: Fri, 31 Aug 2012 23:58:48 +0400 (MSK)
From: Eygene Ryabinkin <rea@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: simon@FreeBSD.org
Subject: ports/171220: [vuxml][patch] net/wireshark: fix DoS in DRDA dissector
Message-ID: <20120831195848.1EF62DA81F@void.codelabs.ru>
Resent-Message-ID: <201208312000.q7VK0OrQ065338@freefall.freebsd.org>
>Number:         171220
>Category:       ports
>Synopsis:       [vuxml][patch] net/wireshark: fix DoS in DRDA dissector
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 31 20:00:24 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Eygene Ryabinkin
>Release:        FreeBSD 10.0-CURRENT amd64
>Organization:
Code Labs
>Environment:

System: FreeBSD 10.0-CURRENT amd64

>Description:

Wireshark's DRDA dissector is prone to an infinite loop problem
if specially crafted traffic is fed into it [1].

>How-To-Repeat:

[1] http://www.vuxml.org/freebsd/5415f1b3-f33d-11e1-8bd8-0022156e8794.html

>Fix:

The patch at
  http://codelabs.ru/fbsd/ports/wireshark/1.8.2-fix-cve-2012-3548.diff
fixes the issue for me.

Here is the quality assurance page:
  http://codelabs.ru/fbsd/ports/qa/net/wireshark/1.8.2_1

When you update the port, please include the line
{{{
Security: http://www.vuxml.org/freebsd/5415f1b3-f33d-11e1-8bd8-0022156e8794.html
}}}
in the commit log message.

The version specification inside the VuXML entry (security/vuxml/vuln.xml)
should be changed from "1.9" to the port version that will receive
the fix for this CVE.

>Release-Note:
>Audit-Trail:
>Unformatted: