[Buildroot] [PATCH 1/1] package/wireshark: security bump to version 3.2.8

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH 1/1] package/wireshark: security bump to version 3.2.8
@ 2020-10-31 23:32 Fabrice Fontaine
  2020-11-01  9:01 ` Thomas Petazzoni
  2020-11-03 10:13 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2020-10-31 23:32 UTC (permalink / raw)
  To: buildroot

- Fix CVE-2020-26575: In Wireshark through 3.2.7, the Facebook Zero
  Protocol (aka FBZERO) dissector could enter an infinite loop. This was
  addressed in epan/dissectors/packet-fbzero.c by correcting the
  implementation of offset advancement.
  https://www.wireshark.org/security/wnpa-sec-2020-14.html
- Fix GQUIC dissector crash:
  https://www.wireshark.org/security/wnpa-sec-2020-15.html

https://www.wireshark.org/docs/relnotes/wireshark-3.2.8.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/wireshark/wireshark.hash | 6 +++---
 package/wireshark/wireshark.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/wireshark/wireshark.hash b/package/wireshark/wireshark.hash
index 16866d96b4..8d1a3b3a2e 100644
--- a/package/wireshark/wireshark.hash
+++ b/package/wireshark/wireshark.hash
@@ -1,6 +1,6 @@
-# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-3.2.7.txt
-sha1  b564c2e729066cb7c952463fef6163e23a5fea1e  wireshark-3.2.7.tar.xz
-sha256  be832fb86d9c455c5be8b225a755cdc77cb0e92356bdfc1fe4b000d93f7d70da  wireshark-3.2.7.tar.xz
+# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-3.2.8.txt
+sha1  5fdcbbe3a50cea38a8fa5f10b21f58cbef31793e  wireshark-3.2.8.tar.xz
+sha256  a8a595d08f38c6bd083886f6c199b9d4fb007e363031b263667c7da72323cc32  wireshark-3.2.8.tar.xz
 
 # Locally calculated
 sha256  7cdbed2b697efaa45576a033f1ac0e73cd045644a91c79bbf41d4a7d81dac7bf  COPYING
diff --git a/package/wireshark/wireshark.mk b/package/wireshark/wireshark.mk
index 354f008250..0bcb97606a 100644
--- a/package/wireshark/wireshark.mk
+++ b/package/wireshark/wireshark.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WIRESHARK_VERSION = 3.2.7
+WIRESHARK_VERSION = 3.2.8
 WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.xz
 WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
 WIRESHARK_LICENSE = wireshark license
-- 
2.28.0

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [Buildroot] [PATCH 1/1] package/wireshark: security bump to version 3.2.8
  2020-10-31 23:32 [Buildroot] [PATCH 1/1] package/wireshark: security bump to version 3.2.8 Fabrice Fontaine
@ 2020-11-01  9:01 ` Thomas Petazzoni
  2020-11-03 10:13 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2020-11-01  9:01 UTC (permalink / raw)
  To: buildroot

On Sun,  1 Nov 2020 00:32:27 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> - Fix CVE-2020-26575: In Wireshark through 3.2.7, the Facebook Zero
>   Protocol (aka FBZERO) dissector could enter an infinite loop. This was
>   addressed in epan/dissectors/packet-fbzero.c by correcting the
>   implementation of offset advancement.
>   https://www.wireshark.org/security/wnpa-sec-2020-14.html
> - Fix GQUIC dissector crash:
>   https://www.wireshark.org/security/wnpa-sec-2020-15.html
> 
> https://www.wireshark.org/docs/relnotes/wireshark-3.2.8.html
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/wireshark/wireshark.hash | 6 +++---
>  package/wireshark/wireshark.mk   | 2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Buildroot] [PATCH 1/1] package/wireshark: security bump to version 3.2.8
  2020-10-31 23:32 [Buildroot] [PATCH 1/1] package/wireshark: security bump to version 3.2.8 Fabrice Fontaine
  2020-11-01  9:01 ` Thomas Petazzoni
@ 2020-11-03 10:13 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-11-03 10:13 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix CVE-2020-26575: In Wireshark through 3.2.7, the Facebook Zero
 >   Protocol (aka FBZERO) dissector could enter an infinite loop. This was
 >   addressed in epan/dissectors/packet-fbzero.c by correcting the
 >   implementation of offset advancement.
 >   https://www.wireshark.org/security/wnpa-sec-2020-14.html
 > - Fix GQUIC dissector crash:
 >   https://www.wireshark.org/security/wnpa-sec-2020-15.html

 > https://www.wireshark.org/docs/relnotes/wireshark-3.2.8.html

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2020.02.x and 2020.08.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-11-03 10:13 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-10-31 23:32 [Buildroot] [PATCH 1/1] package/wireshark: security bump to version 3.2.8 Fabrice Fontaine
2020-11-01  9:01 ` Thomas Petazzoni
2020-11-03 10:13 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox