public inbox for buildroot@busybox.net
 help / color / mirror / Atom feed
From: Thomas Perale via buildroot <buildroot@buildroot.org>
To: Thomas Perale <thomas.perale@mind.be>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13
Date: Fri,  6 Mar 2026 20:53:46 +0100	[thread overview]
Message-ID: <20260306195346.8887-1-thomas.perale@mind.be> (raw)
In-Reply-To: <20260225091006.238395-1-thomas.perale@mind.be>

In reply of:
> For more information on the version bump, see:
>   - https://www.wireshark.org/docs/relnotes/wireshark-4.4.13.html
>   - https://www.wireshark.org/docs/relnotes/wireshark-4.4.12.html
>   - https://www.wireshark.org/docs/relnotes/wireshark-4.4.11.html
>   - https://www.wireshark.org/docs/relnotes/wireshark-4.4.10.html
> 
> Fixes the following vulnerabilities:
> 
> - CVE-2025-11626:
>     MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to
>     4.2.13 allows denial of service
> 
>     https://www.cve.org/CVERecord?id=CVE-2025-11626
> 
> - CVE-2025-13499:
>     Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows
>     denial of service
> 
>     https://www.cve.org/CVERecord?id=CVE-2025-13499
> 
> - CVE-2025-13946:
>     MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0
>     to 4.4.11 allows denial of service
> 
>     https://www.cve.org/CVERecord?id=CVE-2025-13946
> 
> - CVE-2026-0959:
>     IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
>     4.4.0 to 4.4.12 allows denial of service
> 
>     https://www.cve.org/CVERecord?id=CVE-2026-0959
> 
> - CVE-2026-0960:
>     HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2
>     allows denial of service
> 
>     https://www.cve.org/CVERecord?id=CVE-2026-0960
> 
> - CVE-2026-0961:
>     BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12
>     allows denial of service
> 
>     https://www.cve.org/CVERecord?id=CVE-2026-0961
> 
> - CVE-2026-0962:
>     SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and
>     4.4.0 to 4.4.12 allows denial of service
> 
>     https://www.cve.org/CVERecord?id=CVE-2026-0962
> 
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>

Applied to 2025.11.x. Thanks

> ---
>  package/wireshark/wireshark.hash | 6 +++---
>  package/wireshark/wireshark.mk   | 2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/package/wireshark/wireshark.hash b/package/wireshark/wireshark.hash
> index 88eb7ef494..87d5781eed 100644
> --- a/package/wireshark/wireshark.hash
> +++ b/package/wireshark/wireshark.hash
> @@ -1,6 +1,6 @@
> -# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-4.4.9.txt
> -sha1  dc91c68b03b389645fa6dade92960863d74bca1d  wireshark-4.4.9.tar.xz
> -sha256  60551dc787f41e87aeaa1e9c33304f9008037e3baf9fa11aef9c2d584cc0b54b  wireshark-4.4.9.tar.xz
> +# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-4.4.13.txt
> +sha1  2e85bc1231775283d3e1593ce700566e0dc4efb9  wireshark-4.4.13.tar.xz
> +sha256  cdaaf455954b45990651ba334ddcc691ee446fcfb332e78d27b0a8451f22dc0f  wireshark-4.4.13.tar.xz
>  
>  # Locally calculated
>  sha256  edaef632cbb643e4e7a221717a6c441a4c1a7c918e6e4d56debc3d8739b233f6  COPYING
> diff --git a/package/wireshark/wireshark.mk b/package/wireshark/wireshark.mk
> index 9ccd8f9a9e..196ac63271 100644
> --- a/package/wireshark/wireshark.mk
> +++ b/package/wireshark/wireshark.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -WIRESHARK_VERSION = 4.4.9
> +WIRESHARK_VERSION = 4.4.13
>  WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.xz
>  WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
>  WIRESHARK_LICENSE = wireshark license
> -- 
> 2.53.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

  parent reply	other threads:[~2026-03-06 19:54 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-25  9:10 [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13 Thomas Perale via buildroot
2026-02-25 20:44 ` Julien Olivain via buildroot
2026-03-06 19:53 ` Thomas Perale via buildroot [this message]
  -- strict thread matches above, loose matches on Subject: below --
2026-02-25  9:48 [Buildroot] [PATCH 1/1] package/containerd: security bump to v2.0.7 Thomas Perale via buildroot
2026-02-25  9:48 ` [Buildroot] [PATCH] package/wireshark: security bump to v4.4.13 Thomas Perale via buildroot
2026-02-25  9:57   ` Thomas Perale via buildroot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260306195346.8887-1-thomas.perale@mind.be \
    --to=buildroot@buildroot.org \
    --cc=thomas.perale@mind.be \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox