svn commit: r409842 - head/security/vuxml

Jason Unovitch junovitch at FreeBSD.org
Tue Mar 1 03:00:43 UTC 2016


Author: junovitch
Date: Tue Mar  1 03:00:41 2016
New Revision: 409842
URL: https://svnweb.freebsd.org/changeset/ports/409842

Log:
  Document wireshark multiple vulnerabilities
  
  Security:	CVE-2016-2522
  Security:	CVE-2016-2523
  Security:	CVE-2016-2524
  Security:	CVE-2016-2525
  Security:	CVE-2016-2526
  Security:	CVE-2016-2527
  Security:	CVE-2016-2528
  Security:	CVE-2016-2529
  Security:	CVE-2016-2530
  Security:	CVE-2016-2531
  Security:	CVE-2016-2532
  Security:	https://vuxml.FreeBSD.org/freebsd/45117749-df55-11e5-b2bd-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/42c2c422-df55-11e5-b2bd-002590263bf5.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Mar  1 02:53:06 2016	(r409841)
+++ head/security/vuxml/vuln.xml	Tue Mar  1 03:00:41 2016	(r409842)
@@ -58,6 +58,164 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="45117749-df55-11e5-b2bd-002590263bf5">
+    <topic>wireshark -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wireshark</name>
+	<name>wireshark-lite</name>
+	<name>wireshark-qt5</name>
+	<name>tshark</name>
+	<name>tshark-lite</name>
+	<range><lt>2.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Wireshark development team reports:</p>
+	<blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html">
+	  <p>The following vulnerabilities have been fixed:</p>
+	  <ul>
+	    <li><p>wnpa-sec-2016-02</p>
+	      <p>ASN.1 BER dissector crash. (Bug 11828) CVE-2016-2522</p></li>
+	    <li><p>wnpa-sec-2016-03</p>
+	      <p>DNP dissector infinite loop. (Bug 11938) CVE-2016-2523</p></li>
+	    <li><p>wnpa-sec-2016-04</p>
+	      <p>X.509AF dissector crash. (Bug 12002) CVE-2016-2524</p></li>
+	    <li><p>wnpa-sec-2016-05</p>
+	      <p>HTTP/2 dissector crash. (Bug 12077) CVE-2016-2525</p></li>
+	    <li><p>wnpa-sec-2016-06</p>
+	      <p>HiQnet dissector crash. (Bug 11983) CVE-2016-2526</p></li>
+	    <li><p>wnpa-sec-2016-07</p>
+	      <p>3GPP TS 32.423 Trace file parser crash. (Bug 11982)
+		</p>CVE-2016-2527</li>
+	    <li><p>wnpa-sec-2016-08</p>
+	      <p>LBMC dissector crash. (Bug 11984) CVE-2016-2528</p></li>
+	    <li><p>wnpa-sec-2016-09</p>
+	      <p>iSeries file parser crash. (Bug 11985) CVE-2016-2529</p></li>
+	    <li><p>wnpa-sec-2016-10</p>
+	      <p>RSL dissector crash. (Bug 11829) CVE-2016-2530
+		CVE-2016-2531</p></li>
+	    <li><p>wnpa-sec-2016-11</p>
+	      <p>LLRP dissector crash. (Bug 12048) CVE-2016-2532</p></li>
+	    <li><p>wnpa-sec-2016-12</p>
+	      <p>Ixia IxVeriWave file parser crash. (Bug 11795)</p></li>
+	    <li><p>wnpa-sec-2016-13</p>
+	      <p>IEEE 802.11 dissector crash. (Bug 11818)</p></li>
+	    <li><p>wnpa-sec-2016-14</p>
+	      <p>GSM A-bis OML dissector crash. (Bug 11825)</p></li>
+	    <li><p>wnpa-sec-2016-15</p>
+	      <p>ASN.1 BER dissector crash. (Bug 12106)</p></li>
+	    <li><p>wnpa-sec-2016-16</p>
+	      <p>SPICE dissector large loop. (Bug 12151)</p></li>
+	    <li><p>wnpa-sec-2016-17</p>
+	      <p>NFS dissector crash.</p></li>
+	    <li><p>wnpa-sec-2016-18</p>
+	      <p>ASN.1 BER dissector crash. (Bug 11822)</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2522</cvename>
+      <cvename>CVE-2016-2523</cvename>
+      <cvename>CVE-2016-2524</cvename>
+      <cvename>CVE-2016-2525</cvename>
+      <cvename>CVE-2016-2526</cvename>
+      <cvename>CVE-2016-2527</cvename>
+      <cvename>CVE-2016-2528</cvename>
+      <cvename>CVE-2016-2529</cvename>
+      <cvename>CVE-2016-2530</cvename>
+      <cvename>CVE-2016-2531</cvename>
+      <cvename>CVE-2016-2532</cvename>
+      <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html</url>
+    </references>
+    <dates>
+      <discovery>2016-02-26</discovery>
+      <entry>2016-03-01</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="42c2c422-df55-11e5-b2bd-002590263bf5">
+    <topic>wireshark -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wireshark</name>
+	<name>wireshark-lite</name>
+	<name>wireshark-qt5</name>
+	<name>tshark</name>
+	<name>tshark-lite</name>
+	<range><lt>2.0.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Wireshark development team reports:</p>
+	<blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html">
+	  <p>The following vulnerabilities have been fixed:</p>
+	  <ul>
+	    <li><p>wnpa-sec-2015-31</p>
+	      <p>NBAP dissector crashes. (Bug 11602, Bug 11835, Bug 11841)</p>
+		</li>
+	    <li><p>wnpa-sec-2015-37</p>
+	      <p>NLM dissector crash.</p></li>
+	    <li><p>wnpa-sec-2015-39</p>
+	      <p>BER dissector crash.</p></li>
+	    <li><p>wnpa-sec-2015-40</p>
+	      <p>Zlib decompression crash. (Bug 11548)</p></li>
+	    <li><p>wnpa-sec-2015-41</p>
+	      <p>SCTP dissector crash. (Bug 11767)</p></li>
+	    <li><p>wnpa-sec-2015-42</p>
+	      <p>802.11 decryption crash. (Bug 11790, Bug 11826)</p></li>
+	    <li><p>wnpa-sec-2015-43</p>
+	      <p>DIAMETER dissector crash. (Bug 11792)</p></li>
+	    <li><p>wnpa-sec-2015-44</p>
+	      <p>VeriWave file parser crashes. (Bug 11789, Bug 11791)</p></li>
+	    <li><p>wnpa-sec-2015-45</p>
+	      <p>RSVP dissector crash. (Bug 11793)</p></li>
+	    <li><p>wnpa-sec-2015-46</p>
+	      <p>ANSI A and GSM A dissector crashes. (Bug 11797)</p></li>
+	    <li><p>wnpa-sec-2015-47</p>
+	      <p>Ascend file parser crash. (Bug 11794)</p></li>
+	    <li><p>wnpa-sec-2015-48</p>
+	      <p>NBAP dissector crash. (Bug 11815)</p></li>
+	    <li><p>wnpa-sec-2015-49</p>
+	      <p>RSL dissector crash. (Bug 11829)</p></li>
+	    <li><p>wnpa-sec-2015-50</p>
+	      <p>ZigBee ZCL dissector crash. (Bug 11830)</p></li>
+	    <li><p>wnpa-sec-2015-51</p>
+	      <p>Sniffer file parser crash. (Bug 11827)</p></li>
+	    <li><p>wnpa-sec-2015-52</p>
+	      <p>NWP dissector crash. (Bug 11726)</p></li>
+	    <li><p>wnpa-sec-2015-53</p>
+	      <p>BT ATT dissector crash. (Bug 11817)</p></li>
+	    <li><p>wnpa-sec-2015-54</p>
+	      <p>MP2T file parser crash. (Bug 11820)</p></li>
+	    <li><p>wnpa-sec-2015-55</p>
+	      <p>MP2T file parser crash. (Bug 11821)</p></li>
+	    <li><p>wnpa-sec-2015-56</p>
+	      <p>S7COMM dissector crash. (Bug 11823)</p></li>
+	    <li><p>wnpa-sec-2015-57</p>
+	      <p>IPMI dissector crash. (Bug 11831)</p></li>
+	    <li><p>wnpa-sec-2015-58</p>
+	      <p>TDS dissector crash. (Bug 11846)</p></li>
+	    <li><p>wnpa-sec-2015-59</p>
+	      <p>PPI dissector crash. (Bug 11876)</p></li>
+	    <li><p>wnpa-sec-2015-60</p>
+	      <p>MS-WSP dissector crash. (Bug 11931)</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html</url>
+    </references>
+    <dates>
+      <discovery>2015-12-29</discovery>
+      <entry>2016-03-01</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="7bbc3016-de63-11e5-8fa8-14dae9d210b8">
     <topic>tomcat -- multiple vulnerabilities</topic>
     <affects>
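Review bot: The `<references>` URL of the first entry (vid 45117749-df55-11e5-b2bd-002590263bf5, fixed in 2.0.2) points at the 2.0.1 release notes, although its `<blockquote cite>` quotes the 2.0.2 notes. It should read `<url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html</url>`, so that anyone triaging the advisory lands on the page that lists CVE-2016-2522 through CVE-2016-2532. In the wnpa-sec-2016-07 item the CVE id sits after the closing `</p>`, unlike every sibling item; move it inside the paragraph, `<p>3GPP TS 32.423 Trace file parser crash. (Bug 11982) CVE-2016-2527</p></li>`. Both entries use an open-ended `<lt>` range, so every older version matches as well. If an older maintained branch has its own fixed release, it presumably needs a separate bounded range, which is worth confirming against the upstream advisories.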

