Accepting request 780991 from home:rfrohl:branches:network:utilities

- Added missing 2.4.x fixes to changes file 

- accumulating fixes from previous versions:
  * wireshark 2.4.16: 
    - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980).
  * wireshark 2.4.15 (bsc#1136021): 
    - Wireshark dissection engine crash.
  * wireshark 2.4.14 (bsc#1131945): 
    - CVE-2019-10895: NetScaler file parser crash.
    - CVE-2019-10899: SRVLOC dissector crash.
    - CVE-2019-10894: GSS-API dissector crash.
    - CVE-2019-10896: DOF dissector crash.
    - CVE-2019-10901: LDSS dissector crash.
    - CVE-2019-10903: DCERPC SPOOLSS dissector crash.
  * wireshark 2.4.13:
    - CVE-2019-9214: RPCAP dissector could crash (bsc#1127367)
    - CVE-2019-9209: ASN.1 BER and related dissectors could crash (bsc#1127369)
    - CVE-2019-9208: TCAP dissector could crash (bsc#1127370)
  * wireshark 2.4.12:
    - CVE-2019-5717: The P_MUL dissector could crash (bsc#1121232)
    - CVE-2019-5718: The RTSE dissector and other dissectors could crash (bsc#1121233)
    - CVE-2019-5719: The ISAKMP dissector could crash (bsc#1121234)
    - CVE-2019-5721: The ENIP dissector could crash (bsc#1121235)
  * wireshark 2.4.11 (bsc#1117740):
    - CVE-2018-19625: The Wireshark dissection engine could crash
    - CVE-2018-19626: The DCOM dissector could crash
    - CVE-2018-19623: The LBMPDM dissector could crash
    - CVE-2018-19622: The MMSE dissector could go into an infinite loop
    - CVE-2018-19627: The IxVeriWave file parser could crash
    - CVE-2018-19624: The PVFS dissector could crash

OBS-URL: https://build.opensuse.org/request/show/780991
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=300
This commit is contained in:
Robert Frohl 2020-03-02 14:33:23 +00:00 committed by Git OBS Bridge
parent 76396502ab
commit 7058893b82

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Mar 2 10:05:06 UTC 2020 - Robert Frohl <rfrohl@suse.com>
- Added missing 2.4.x fixes to changes file
-------------------------------------------------------------------
Thu Feb 27 07:51:33 UTC 2020 - Robert Frohl <rfrohl@suse.com>
@ -351,6 +356,59 @@ Tue May 1 17:19:49 UTC 2018 - ecsos@opensuse.org
- drop patch wireshark-1.2.0-geoip.patch, because file to patch
no more exists
- accumulating fixes from previous versions:
* wireshark 2.4.16:
- CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980).
* wireshark 2.4.15 (bsc#1136021):
- Wireshark dissection engine crash.
* wireshark 2.4.14 (bsc#1131945):
- CVE-2019-10895: NetScaler file parser crash.
- CVE-2019-10899: SRVLOC dissector crash.
- CVE-2019-10894: GSS-API dissector crash.
- CVE-2019-10896: DOF dissector crash.
- CVE-2019-10901: LDSS dissector crash.
- CVE-2019-10903: DCERPC SPOOLSS dissector crash.
* wireshark 2.4.13:
- CVE-2019-9214: RPCAP dissector could crash (bsc#1127367)
- CVE-2019-9209: ASN.1 BER and related dissectors could crash (bsc#1127369)
- CVE-2019-9208: TCAP dissector could crash (bsc#1127370)
* wireshark 2.4.12:
- CVE-2019-5717: The P_MUL dissector could crash (bsc#1121232)
- CVE-2019-5718: The RTSE dissector and other dissectors could crash (bsc#1121233)
- CVE-2019-5719: The ISAKMP dissector could crash (bsc#1121234)
- CVE-2019-5721: The ENIP dissector could crash (bsc#1121235)
* wireshark 2.4.11 (bsc#1117740):
- CVE-2018-19625: The Wireshark dissection engine could crash
- CVE-2018-19626: The DCOM dissector could crash
- CVE-2018-19623: The LBMPDM dissector could crash
- CVE-2018-19622: The MMSE dissector could go into an infinite loop
- CVE-2018-19627: The IxVeriWave file parser could crash
- CVE-2018-19624: The PVFS dissector could crash
* wireshark 2.4.10 (bsc#1111647):
- CVE-2018-18227: MS-WSP dissector crash
- CVE-2018-12086: OpcUA dissector crash
* wireshark 2.4.9 (bsc#1106514):
- CVE-2018-16058: Bluetooth AVDTP dissector crash
- CVE-2018-16056: Bluetooth Attribute Protocol dissector crash
- CVE-2018-16057: Radiotap dissector crash
* wireshark 2.4.8:
- CVE-2018-14342: BGP dissector large loop (boo#1101777)
- CVE-2018-14344: ISMP dissector crash (boo#1101788)
- CVE-2018-14340: Multiple dissectors could crash (boo#1101804)
- CVE-2018-14343: ASN.1 BER dissector crash (boo#1101786)
- CVE-2018-14339: MMSE dissector infinite loop (boo#1101810)
- CVE-2018-14341: DICOM dissector crash (boo#1101776)
- CVE-2018-14368: Bazaar dissector infinite loop (boo#1101794)
- CVE-2018-14369: HTTP2 dissector crash (boo#1101800)
- CVE-2018-14367: CoAP dissector crash (boo#1101791)
- CVE-2018-14370: IEEE 802.11 dissector crash (boo#1101802)
* wireshark 2.4.7 (bsc#1094301):
- CVE-2018-11356: DNS dissector crash
- CVE-2018-11357: Multiple dissectors could consume excessive memory
- CVE-2018-11358: Q.931 dissector crash
- CVE-2018-11359: The RRC dissector and other dissectors could crash
- CVE-2018-11360: GSM A DTAP dissector crash
- CVE-2018-11362: LDSS dissector crash
-------------------------------------------------------------------
Wed Apr 4 20:20:16 UTC 2018 - astieger@suse.com