Date: Mon, 4 Jul 2016 13:25:47 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r418023 - head/security/vuxml Message-ID: <201607041325.u64DPl2O005664@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Mon Jul 4 13:25:47 2016 New Revision: 418023 URL: https://svnweb.freebsd.org/changeset/ports/418023 Log: Document wnpa-sec-2016-29 through wnpa-sec-2016-37 for issues fixed in Wireshark 2.0.4 Security: CVE-2016-5350 Security: CVE-2016-5351 Security: CVE-2016-5352 Security: CVE-2016-5353 Security: CVE-2016-5354 Security: CVE-2016-5355 Security: CVE-2016-5356 Security: CVE-2016-5357 Security: CVE-2016-5358 Security: https://vuxml.FreeBSD.org/freebsd/313e9557-41e8-11e6-ab34-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Jul 4 13:24:26 2016 (r418022) +++ head/security/vuxml/vuln.xml Mon Jul 4 13:25:47 2016 (r418023) @@ -58,6 +58,71 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="313e9557-41e8-11e6-ab34-002590263bf5"> + <topic>wireshark -- multiple vulnerabilities</topic> + <affects> + <package> + <name>wireshark</name> + <name>wireshark-lite</name> + <name>wireshark-qt5</name> + <name>tshark</name> + <name>tshark-lite</name> + <range><lt>2.0.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Wireshark development team reports:</p> + <blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-2.0.4.html">; + <p>The following vulnerabilities have been fixed:</p> + <ul> + <li><p>wnpa-sec-2016-29</p> + <p>The SPOOLS dissector could go into an infinite loop. Discovered + by the CESG.</p></li> + <li><p>wnpa-sec-2016-30</p> + <p>The IEEE 802.11 dissector could crash. (Bug 11585)</p></li> + <li><p>wnpa-sec-2016-31</p> + <p>The IEEE 802.11 dissector could crash. Discovered by Mateusz + Jurczyk. (Bug 12175)</p></li> + <li><p>wnpa-sec-2016-32</p> + <p>The UMTS FP dissector could crash. (Bug 12191)</p></li> + <li><p>wnpa-sec-2016-33</p> + <p>Some USB dissectors could crash. Discovered by Mateusz + Jurczyk. (Bug 12356)</p></li> + <li><p>wnpa-sec-2016-34</p> + <p>The Toshiba file parser could crash. Discovered by iDefense + Labs. (Bug 12394)</p></li> + <li><p>wnpa-sec-2016-35</p> + <p>The CoSine file parser could crash. Discovered by iDefense + Labs. (Bug 12395)</p></li> + <li><p>wnpa-sec-2016-36</p> + <p>The NetScreen file parser could crash. Discovered by iDefense + Labs. (Bug 12396)</p></li> + <li><p>wnpa-sec-2016-37</p> + <p>The Ethernet dissector could crash. (Bug 12440)</p></li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-5350</cvename> + <cvename>CVE-2016-5351</cvename> + <cvename>CVE-2016-5352</cvename> + <cvename>CVE-2016-5353</cvename> + <cvename>CVE-2016-5354</cvename> + <cvename>CVE-2016-5355</cvename> + <cvename>CVE-2016-5356</cvename> + <cvename>CVE-2016-5357</cvename> + <cvename>CVE-2016-5358</cvename> + <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.4.html</url>; + <url>http://www.openwall.com/lists/oss-security/2016/06/09/4</url>; + </references> + <dates> + <discovery>2016-06-07</discovery> + <entry>2016-07-04</entry> + </dates> + </vuln> + <vuln vid="8656cf5f-4170-11e6-8dfe-002590263bf5"> <topic>moodle -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607041325.u64DPl2O005664>