Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: Multiple issues fixed in wireshark 1.6.2
From: Josh Bressers <bressers () redhat com>
Date: Wed, 14 Sep 2011 14:19:44 -0400 (EDT)

----- Original Message -----

2. Wireshark Lua script execution vulnerability
http://www.wireshark.org/security/wnpa-sec-2011-15.html
https://bugzilla.redhat.com/show_bug.cgi?id=737784

Use CVE-2011-3360 for the above.


Are the below worth assigning CVE ids to? The advisory seems to suggest
they are crash only fixes. Do those deserve CVE IDs? I know we've been
fairly generous with wireshark in the past, but I'm wondering if we need to
draw a line somewhere.


1, Wireshark CSN.1 dissector vulnerability
http://www.wireshark.org/security/wnpa-sec-2011-16.html
https://bugzilla.redhat.com/show_bug.cgi?id=737783

3. Wireshark buffer exception handling vulnerability
http://www.wireshark.org/security/wnpa-sec-2011-14.html
https://bugzilla.redhat.com/show_bug.cgi?id=737785

4. Wireshark OpenSafety dissector vulnerability
http://www.wireshark.org/security/wnpa-sec-2011-12.html
https://bugzilla.redhat.com/show_bug.cgi?id=737787


Thanks.

-- 
    JB


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault