Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 11 Sep 2013 04:40:12 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com, gerald@...eshark.org
Cc: cve-assign@...re.org
Subject: CVEs for Wireshark 1.8.10 and 1.10.2 releases

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://www.wireshark.org/security/wnpa-sec-2013-54.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827
http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130
crash; incorrectly maintained free list
CVE-2013-5717


https://www.wireshark.org/security/wnpa-sec-2013-55.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9005 Access Denied
crash
CVE-2013-5718


https://www.wireshark.org/security/wnpa-sec-2013-56.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9020
http://anonsvn.wireshark.org/viewvc?view=revision&revision=51196
loop
CVE-2013-5719


https://www.wireshark.org/security/wnpa-sec-2013-57.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9019 Access Denied
buffer overflow
CVE-2013-5720


https://www.wireshark.org/security/wnpa-sec-2013-58.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9079
http://anonsvn.wireshark.org/viewvc?view=revision&revision=51603
crash; erroneous entry into a loop
CVE-2013-5721


https://www.wireshark.org/security/wnpa-sec-2013-59.html
crash
CVE-2013-5722


https://www.wireshark.org/security/wnpa-sec-2013-60.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8742
http://anonsvn.wireshark.org/viewvc?view=revision&revision=49697

We don't understand why
https://www.wireshark.org/security/wnpa-sec-2013-60.html has different
affected versions than
https://www.wireshark.org/security/wnpa-sec-2013-51.html (they are
both about bug 8742). Thus, we don't know whether new CVE IDs are
needed.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSMCvgAAoJEKllVAevmvmsuWMH/RRdPe0Lk3lAP3pVOGm+37GP
9He6RbdJywE0X5aK7V7TTTXJJt6lFmLk91m9yFmeVeleBTb71nmzhsLf8Spn34Ew
upNCIIWOz5SrBST8rkX8q9w27nNr3VsC9Ai7y+SazWme9AzPFgM5mAbTpcimBe1m
3k/N27ZqQdvRhdlT7NbzjhEE+AYYSldtaVp5B+PjZBPECvUPBSTWQJnsc+ywMHMl
v90upHmTTCPR6k1M0fQcANRIE1GAHjkpiyrDCdtFY+geArQis93w95Zp5REayvVU
geky+wLz63mQQw6A7pHC8sejrNLAggwvqTERthsIyv5W5YIpcwFVCy/bicY47TY=
=n04P
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.