From e8aaeac1ab6bc745f4617656f4ad84e87005a9768025043e316d1c78c46ea0cd Mon Sep 17 00:00:00 2001
From: Andreas Stieger <andreas.stieger@gmx.de>
Date: Tue, 18 Jul 2017 21:45:56 +0000
Subject: [PATCH] - Wireshark 2.2.8 (bsc#1049255):   This release fixes minor
 vulnerabilities that could be used to   trigger dissector crashes, infinite
 loopsm or cause excessive use   of memory resources by making Wireshark read
 specially crafted   packages from the network or a capture file:   *
 CVE-2017-7702 CVE-2017-11410: WBMXL dissector infinite loop    
 (wnpa-sec-2017-13)   * CVE-2017-9350 CVE-2017-11411: openSAFETY dissector
 memory     exhaustion (wnpa-sec-2017-28)   * CVE-2017-11408: AMQP dissector
 crash (wnpa-sec-2017-34)   * CVE-2017-11407: MQ dissector crash
 (wnpa-sec-2017-35)   * CVE-2017-11406: DOCSIS infinite loop
 (wnpa-sec-2017-36)

OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=218
---
 SIGNATURES-2.2.7.txt    | 48 -----------------------------------------
 SIGNATURES-2.2.8.txt    | 48 +++++++++++++++++++++++++++++++++++++++++
 wireshark-2.2.7.tar.bz2 |  3 ---
 wireshark-2.2.8.tar.bz2 |  3 +++
 wireshark.changes       | 16 ++++++++++++++
 wireshark.spec          |  2 +-
 6 files changed, 68 insertions(+), 52 deletions(-)
 delete mode 100644 SIGNATURES-2.2.7.txt
 create mode 100644 SIGNATURES-2.2.8.txt
 delete mode 100644 wireshark-2.2.7.tar.bz2
 create mode 100644 wireshark-2.2.8.tar.bz2

diff --git a/SIGNATURES-2.2.7.txt b/SIGNATURES-2.2.7.txt
deleted file mode 100644
index 358a581..0000000
--- a/SIGNATURES-2.2.7.txt
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-wireshark-2.2.7.tar.bz2: 32309420 bytes
-SHA256(wireshark-2.2.7.tar.bz2)=689ddf62221b152779d8846ab5b2063cc7fd41ec1a9f04eefab09b5d5486dbb5
-RIPEMD160(wireshark-2.2.7.tar.bz2)=baf598f495c04f3709cb02c9046b8176f5f5c72e
-SHA1(wireshark-2.2.7.tar.bz2)=2bb1cdf56a93fb22a66e8179214b587c71f06c9e
-MD5(wireshark-2.2.7.tar.bz2)=a4d880554c7f925dafef60fa313b580d
-
-Wireshark-win64-2.2.7.exe: 49400720 bytes
-SHA256(Wireshark-win64-2.2.7.exe)=cc8e6feff1e72d1baaafb277e33c9137a76a5edeca629fe4c764070a0719df50
-RIPEMD160(Wireshark-win64-2.2.7.exe)=e1b5395752ff672593bb02e02c9d43b969a6d136
-SHA1(Wireshark-win64-2.2.7.exe)=bb9f0c2f8448069e8ef33302e3e8a5182a066788
-MD5(Wireshark-win64-2.2.7.exe)=30570a7b54c17da897cf155e35a2f44a
-
-Wireshark-win32-2.2.7.exe: 44550128 bytes
-SHA256(Wireshark-win32-2.2.7.exe)=6f5ef2ed9aed62f3613f66b960f50663cfb4ec4b59c9fe1fa11ff08137c8a0c0
-RIPEMD160(Wireshark-win32-2.2.7.exe)=14aa5ae001272ac7ce1eea2d166f02b89a1de76c
-SHA1(Wireshark-win32-2.2.7.exe)=1c778e2885fbf0668f75567841d0b00c73b9c7d6
-MD5(Wireshark-win32-2.2.7.exe)=ab254d59f70aec9178aeb8a76a24de50
-
-WiresharkPortable_2.2.7.paf.exe: 46147736 bytes
-SHA256(WiresharkPortable_2.2.7.paf.exe)=3fc82830a4d2b0d620ef37c1fd406d99e5cad7ff2c831b1d284f5e87282ae2c1
-RIPEMD160(WiresharkPortable_2.2.7.paf.exe)=2d699d1fe6d1bd2e30000cff21837d17d069725f
-SHA1(WiresharkPortable_2.2.7.paf.exe)=5cc73524dfc49780ce22f8dfe4d74876c2f9eb5a
-MD5(WiresharkPortable_2.2.7.paf.exe)=d05d04a6ce82a7253949d45cc5fb6186
-
-Wireshark 2.2.7 Intel 64.dmg: 32873230 bytes
-SHA256(Wireshark 2.2.7 Intel 64.dmg)=6d46e7270fc6b661ece24c0fcaf56c7e4ce4f65501ef055ea46c6cfdf95c6dcb
-RIPEMD160(Wireshark 2.2.7 Intel 64.dmg)=7b1ab739f9dc24c03b9b825a8533e0e891ee822f
-SHA1(Wireshark 2.2.7 Intel 64.dmg)=50fa591d6fb0d4f59a5c2c9c12c1f114522f8377
-MD5(Wireshark 2.2.7 Intel 64.dmg)=2814af6a4f0c851e1d44213d96428919
------BEGIN PGP SIGNATURE-----
-
-iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlkwdzIACgkQgiRKeOb+
-ruqeLw//XkRVualJQ8H5drJUSDQwxDwGwona4R20Bh1EETMeCW+g+IFEx2Me1qcj
-460oEZ7JshsUYI2rGeqJSoK3xPLWLsNwdaMrV3hJOT5WiglJq/OZ6XUUrAsWZ25B
-+pzYK95SCl3OWeNOpVvj7BKmI8GljzE6MkItSwHeK4+GC4R144UxGBtOjm6iiQHV
-stIbec6+lqGYjAAq9V/I+ukYuOoFomlXZcRIMl1/RBB3L8Y2R+xiu+vEUBSNuNgV
-IfgBej3ydzHvZpidOMQMGTpiffZ/BMhh/NRvTwv18MHAn60tuyJ3EoQpUMWVOxTR
-AZ5dADVvu7ojtCnx5M5rsOdNRq1eW2gHUClVlYYJWWjJ+FD9yu0tyOjsJXkuJHfa
-ayrsDATBYFjX3xVEszeUiNj4uYdKt055wa0W6Ra7uvkKH6YrVViROh3WyYVHKofz
-JthcSkoqLFZvqkTq01viDcmk3GvNrkxBB5ziCgT4hzHFPh+JQld6GgD9LbUajydR
-BOnmKVJlBaozCSJhKd7dIg+dnJeQG8GBEU2rviWqQsYovRl9YOMGa9vmeZApTa5y
-WwTbI7OFitfVAgPuLymWActbEBREJfKx5A3RDV/HSgO1UjXs/FEOzbj2RSOT14T5
-+tliAL+bMbnLzBDdGKzCDb9Aq/6bgzYfzJFjvF4raopGYsLccqk=
-=KpEA
------END PGP SIGNATURE-----
diff --git a/SIGNATURES-2.2.8.txt b/SIGNATURES-2.2.8.txt
new file mode 100644
index 0000000..e40bab8
--- /dev/null
+++ b/SIGNATURES-2.2.8.txt
@@ -0,0 +1,48 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+wireshark-2.2.8.tar.bz2: 32331209 bytes
+SHA256(wireshark-2.2.8.tar.bz2)=ecf02c148c9ab6e809026ad5743fe9be1739a9840ef6fece6837a7ddfbdf7edc
+RIPEMD160(wireshark-2.2.8.tar.bz2)=58b46222b2a5cea2923c82f4eff95ad04b702f1a
+SHA1(wireshark-2.2.8.tar.bz2)=605d4323e9ac0122eca47a5c17ec14daf34b1ea1
+MD5(wireshark-2.2.8.tar.bz2)=bb81d0ecf3a8ed46bedfaeae6fd318a8
+
+Wireshark-win32-2.2.8.exe: 44569240 bytes
+SHA256(Wireshark-win32-2.2.8.exe)=7bfd50b9bbeeba6cc55c8f660e9e44c643791ee306227584299b560843f1564c
+RIPEMD160(Wireshark-win32-2.2.8.exe)=5862ef866c657cedca6ee587a9e87387fd1bac8f
+SHA1(Wireshark-win32-2.2.8.exe)=6c86be620ef189b5f1637b2c9f6bd576fee9894f
+MD5(Wireshark-win32-2.2.8.exe)=65e04d901c65d704ab936d0f9ecfb0e2
+
+Wireshark-win64-2.2.8.exe: 49409656 bytes
+SHA256(Wireshark-win64-2.2.8.exe)=caa8e6b1a69964594cfc5d4ebd16255a8ba80f54044c0d9c9352a798bde2bc89
+RIPEMD160(Wireshark-win64-2.2.8.exe)=9fd69129d4bd1a1c3b08396100eb000e109fd32b
+SHA1(Wireshark-win64-2.2.8.exe)=23e3b2d6d917d60c106c9a52f1d603be7cef3e82
+MD5(Wireshark-win64-2.2.8.exe)=60d00d0e82eacf9bad6cabf052356e3d
+
+WiresharkPortable_2.2.8.paf.exe: 46164528 bytes
+SHA256(WiresharkPortable_2.2.8.paf.exe)=510f9e1105e145739ee1cebfcad4ad8ab20d3336623ce807b3dd8d925dbebf8c
+RIPEMD160(WiresharkPortable_2.2.8.paf.exe)=f9a4fc82a59c60b1d616c5df6515d553d1d2157a
+SHA1(WiresharkPortable_2.2.8.paf.exe)=64bc24c167998323212abb8330ea1ab52de6122c
+MD5(WiresharkPortable_2.2.8.paf.exe)=72c677725c9e218450dc2a63db5e11ba
+
+Wireshark 2.2.8 Intel 64.dmg: 33444845 bytes
+SHA256(Wireshark 2.2.8 Intel 64.dmg)=efc681a6ef2bb52e76e15853c5d1b143078c548951d256283a53cc61c894d77f
+RIPEMD160(Wireshark 2.2.8 Intel 64.dmg)=c64e6ce2ce586a3ccdd179e265d1469a43b7883d
+SHA1(Wireshark 2.2.8 Intel 64.dmg)=b066c7bf1c90b3287ab1ced3ea3e430e6e7c94d4
+MD5(Wireshark 2.2.8 Intel 64.dmg)=3aca252edf8518be821ab100b8efdd0d
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlluTowACgkQgiRKeOb+
+rupG1A/+Jth6yo6f7DJLTsk6s/pSFxYOe32PDROBj7IxQ5FM3OQZ4ILcX3MoFdba
+sY/v9+GyLvXg9O/mPywGsD6SHPkyScHi891uvALuw6k7oy6/0V7dLvQVvaPo+nHb
+S+SIgbUWsztSgj4PARiSCr8QLbmHpZ8d1EwAecDBrLaPGMsANWToHASu+rRKtjGe
+MDyxPRj6GLwoAIkb6B2PKfuL3FjJA+YAbI/AMlHKIQBuqV/Zlbxkpgy76eHH7NKe
+SKLWW1hgnyC4/DIxfPUz3WwHAnt2MgdGjljVCZnUVi6HBmFtbChwNP9VuVXh/b6C
+cIIMu0TehXrRvSFytDwvYGJDzlaYuasNIiAVKBtQtJA4VGE4cewN6mZBux0o1eCJ
+0H5fUIVZFEY5OaaDywYl2K8p+v5Nf0K2b/lIqZIwCeMFoywrSMtH6PUb+jmziBg4
+6umoPJQO03t8R/DS4e1UQnY9vVzMFNBhjH5/WzGI3qv6fuGnfaZrcAzhvJlFsr39
+m9DtPej0i7aA3YvSfVDG25/4sSoJocvZT3wsoMv9xMo+XUZHzraG+VSZylsE71DR
+CJF5KFGIfugraHDxIlvxtRTSkkXe5hdC7nW+qBw1OL+5vLt5sUIHXDeYz2uLUIPf
+VSAZSNzZlUODd7X55jgDlQegfntUiUh31hs5urD1zM3eNfjJKdw=
+=5kXd
+-----END PGP SIGNATURE-----
diff --git a/wireshark-2.2.7.tar.bz2 b/wireshark-2.2.7.tar.bz2
deleted file mode 100644
index 3d7d31b..0000000
--- a/wireshark-2.2.7.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:689ddf62221b152779d8846ab5b2063cc7fd41ec1a9f04eefab09b5d5486dbb5
-size 32309420
diff --git a/wireshark-2.2.8.tar.bz2 b/wireshark-2.2.8.tar.bz2
new file mode 100644
index 0000000..7f7caee
--- /dev/null
+++ b/wireshark-2.2.8.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ecf02c148c9ab6e809026ad5743fe9be1739a9840ef6fece6837a7ddfbdf7edc
+size 32331209
diff --git a/wireshark.changes b/wireshark.changes
index 42712ba..7a7fd99 100644
--- a/wireshark.changes
+++ b/wireshark.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Tue Jul 18 21:29:37 UTC 2017 - astieger@suse.com
+
+- Wireshark 2.2.8 (bsc#1049255):
+  This release fixes minor vulnerabilities that could be used to
+  trigger dissector crashes, infinite loopsm or cause excessive use
+  of memory resources by making Wireshark read specially crafted
+  packages from the network or a capture file:
+  * CVE-2017-7702 CVE-2017-11410: WBMXL dissector infinite loop
+    (wnpa-sec-2017-13)
+  * CVE-2017-9350 CVE-2017-11411: openSAFETY dissector memory
+    exhaustion (wnpa-sec-2017-28)
+  * CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34)
+  * CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35)
+  * CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36)
+
 -------------------------------------------------------------------
 Fri Jun  2 09:21:15 UTC 2017 - astieger@suse.com
 
diff --git a/wireshark.spec b/wireshark.spec
index 578cdea..d139fad 100644
--- a/wireshark.spec
+++ b/wireshark.spec
@@ -36,7 +36,7 @@
 %bcond_with geoip
 %endif
 Name:           wireshark
-Version:        2.2.7
+Version:        2.2.8
 Release:        0
 Summary:        A Network Traffic Analyser
 License:        GPL-2.0+ and GPL-3.0+