[Buildroot] [PATCH] package/wireshark: security bump to version 4.0.6

From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Subject: [Buildroot] [PATCH] package/wireshark: security bump to version 4.0.6
Date: Mon, 26 Jun 2023 08:52:31 +0200	[thread overview]
Message-ID: <20230626065231.1967152-1-peter@korsgaard.com> (raw)

Fixes the following security issues:

- CVE-2023-1992: The RPC over RDMA dissector could crash
  https://www.wireshark.org/security/wnpa-sec-2023-09.html

- CVE-2023-1993: The LISP dissector could go into a large loop
  https://www.wireshark.org/security/wnpa-sec-2023-10.html

- CVE-2023-1994: The GQUIC dissector could crash
  https://www.wireshark.org/security/wnpa-sec-2023-11.html

- CVE-2023-2855: The Candump log file parser could crash
  https://www.wireshark.org/security/wnpa-sec-2023-12.html

- CVE-2023-2857: The BLF file parser could crash
  https://www.wireshark.org/security/wnpa-sec-2023-13.html

- The GDSDB dissector could go into an infinite loop
  https://www.wireshark.org/security/wnpa-sec-2023-14.html

- CVE-2023-2858: The NetScaler file parser could crash
  https://www.wireshark.org/security/wnpa-sec-2023-15.html

- CVE-2023-2856: The VMS TCPIPtrace file parser could crash
  https://www.wireshark.org/security/wnpa-sec-2023-16.html

- CVE-2023-2854: The BLF file parser could crash
  https://www.wireshark.org/security/wnpa-sec-2023-17.html

- CVE-2023-0666: The RTPS dissector could crash
  https://www.wireshark.org/security/wnpa-sec-2023-18.html

- CVE-2023-0668: The IEEE C37.118 Synchrophasor dissector could crash
  https://www.wireshark.org/security/wnpa-sec-2023-19.html

- The XRA dissector could go into an infinite loo
  https://www.wireshark.org/security/wnpa-sec-2023-20.html

The SIGNATURES-4.0.6.txt file seems to be corrupted, so instead refer to the
announcement mail.  Issue reported upstream:

https://gitlab.com/wireshark/wireshark/-/issues/19169

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/wireshark/wireshark.hash | 6 +++---
 package/wireshark/wireshark.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/wireshark/wireshark.hash b/package/wireshark/wireshark.hash
index d89caa5de8..3bab652ab3 100644
--- a/package/wireshark/wireshark.hash
+++ b/package/wireshark/wireshark.hash
@@ -1,6 +1,6 @@
-# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-4.0.4.txt
-sha1  ae3c28d6966c420ee3a8d058ea212a1b6adab50f  wireshark-4.0.4.tar.xz
-sha256  a4a09f6564f00639036ffe5064ac4dc2176adfa3e484c539c9c73f835436e74b  wireshark-4.0.4.tar.xz
+# From https://www.wireshark.org/lists/wireshark-announce/202305/msg00000.html
+sha1  a60b6f8063df2a711932ba869ae86e6476087cf0  wireshark-4.0.6.tar.xz
+sha256  0079097a1b17ebc7250a73563f984c13327dac5016b7d53165810fbcca4bd884  wireshark-4.0.6.tar.xz
 
 # Locally calculated
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/wireshark/wireshark.mk b/package/wireshark/wireshark.mk
index f5a8e1f070..80a986cfa3 100644
--- a/package/wireshark/wireshark.mk
+++ b/package/wireshark/wireshark.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WIRESHARK_VERSION = 4.0.4
+WIRESHARK_VERSION = 4.0.6
 WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.xz
 WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
 WIRESHARK_LICENSE = wireshark license
-- 
2.30.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
