Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Jan 2012 13:16:38 +0530
From: Huzaifa Sidhpurwala <>
CC: Kurt Seifried <>, Agostino Sarubbo <>
Subject: Re: CVE request: Wireshark multiple vulnerabilities

On 01/16/2012 01:19 AM, Kurt Seifried wrote:
> I agree in principle, however in practice this is a lot of work (as you
> well know =). I guess my question/concern would be is who does the
> research to verify all this, and what if it varies by version (i.e. it
> is 6 separate issues in an older version but the newer version combined
> some code into a common library for example so it's only a single issue,
> but with multiple avenues of attack/etc.). In other words a lot of
> potential work.

I did some research, with details available at: and

In my opinion only 1 and 2 (ie ws bug 6663 and ws bug
6670) should be allocated a CVE.

Others are application crashes.

Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ