ethereal (0.9.4-1woody15) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Backported vulnerability disclosed by upstream
  * Details:
    http://anonsvn.ethereal.com/viewcvs/viewcvs.py?rev=REVISION&view=rev
  * The telnet dissector could overrun a buffer [packet-telnet.c, r17051,
    CVE-2006-1936]
  * Null pointer dereferences in the SMB PIPE dissector and when reading a
    malformed Sniffer capture could crash ethereal
    [epan/dissectors/packet-smb-pipe.c, r17509, r17523, r17621, r17708,
    wiretap/ngsniffer.c, r17556, CVE-2006-1938]

 -- Martin Schulze  Thu, 27 Apr 2006 19:53:46 +0200

ethereal (0.9.4-1woody14) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Backported new upstream version of dissect_ospf_v3_address_prefix() to
    fix buffer overflow and potential arbitrary code execution
    [epan/dissectors/packet-ospf.c, CVE-2005-3651]

 -- Martin Schulze  Sat, 10 Dec 2005 17:16:24 +0100

ethereal (0.9.4-1woody13) oldstable-security; urgency=high

  * Non-maintainer upload for the Security Team
  * Security fixes for woody:
    * CAN-2005-2360 - free static memory and crash in LDAP
      Note: the crash does not apply as the code is not there.
      [ epan/dissectors/packet-ldap.c ]
    * CAN-2005-2361 - crash in several dissectors
      RADIUS: changed packet-radius.c
      IS-IS: changed packet-isis-lsp.c, tools/lemon/lemon.c
    * CAN-2005-2363 - infinite loop in dissectors
      802.3: changed packet-ieee8023.c
      H1: changed packet-h1.c
    * CAN-2005-2365 - buffer overflow or memory exhaustion in SMB
      (Changed epan/dissectors/packet-smb.c)
    * CAN-2005-2367 - format strings found by iDEFENSE
      Changed packet-rsvp.c
      Changed packet-afp.c
      Changed packet-dcerpc-spoolss.c
      Changed packet-ncp2222.inc
  * Notice that fixes for the following vulnerabilities are not applied as
    the vulnerable code is not present:
    * CAN-2005-2361 - crash in several dissectors:
      AgentX PER DOCSIS Telnet HTTP DCERPC DHCP SCTP NCP
    * CAN-2005-2363 - infinite loop in dissectors:
      SMPP DHCP Megaco
    * CAN-2005-2364 - null pointer dereference
      WBXML GIOP CAMEL
    * CAN-2005-2366 - abort or infinite loop in BER

 -- Javier Fernandez-Sanguino Pen~a  Sun, 18 Sep 2005 22:49:08 +0200

ethereal (0.9.4-1woody12) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Applied upstream patch to fix buffer overflow in the IAPP dissector
    [packet-iapp.c, CAN-2005-0739]

 -- Martin Schulze  Sun, 13 Mar 2005 18:04:34 +0100

ethereal (0.9.4-1woody11) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Corrected the backported patch to fix buffer overflow in X11 dissector
    [packet-x11.c, CAN-2005-0084]

 -- Martin Schulze  Thu, 20 Jan 2005 16:22:42 +0100

ethereal (0.9.4-1woody10) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Backported upstream patch to fix buffer overflow in X11 dissector
    [packet-x11.c, CAN-2005-0084]

 -- Martin Schulze  Thu, 20 Jan 2005 11:24:25 +0100

ethereal (0.9.4-1woody9) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Patch from upstream CVS to fix DoS vulnerability in SMB dissector
    (CAN-2004-1142)

 -- Steve Kemp  Wed, 15 Dec 2004 23:29:41 -0700

ethereal (0.9.4-1woody8) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Patch from upstream CVS to fix DoS vulnerability in SNMP dissector
    (CAN-2004-0635)

 -- Matt Zimmerman  Tue, 6 Jul 2004 20:47:50 -0700

ethereal (0.9.4-1woody7) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Fix applicable vulnerabilities from
    http://www.ethereal.com/appnotes/enpa-sa-00013.html
    - CAN-2004-0176: buffer overflows
      - EIGRP
      - PGM
      - BGP
      - tcap, irda, igap, and netflow are not present in this version
    - CAN-2004-0367: zero-length presentation protocol selector
      (not vulnerable)
    - CAN-2004-0365: crash on RADIUS packet (not vulnerable)

 -- Matt Zimmerman  Sat, 1 May 2004 23:33:13 -0700

ethereal (0.9.4-1woody6) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Fix vulnerabilities announced in :
    . CAN-2003-0925: packet-gtp.c (Bug#219590)
    . CAN-2003-0926: packet-isakmp.c (Bug#219590)
    . CAN-2003-0927: packet-socks.c (Bug#219590)
  * Fix vulnerabilities announced in :
    . CAN-2003-1012: packet-smb.c (Bug#223889)
    . CAN-2003-1013: packet-q931.c (Bug#223889)

 -- Martin Schulze  Sat, 20 Dec 2003 13:14:50 +0100

ethereal (0.9.4-1woody5) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Fix vulnerabilities announced in enpa-sa-00010
    - throw an error on zero-length bufsize in tvb_get_nstringz0
      (CAN-2003-0431) [epan/tvbuff.c]
    - Fix over-allocation problem in DCERPC dissector (CAN-2003-0428)
      [packet-dcerpc-lsa.c]
    - Fix overflow with bad IPv4 or IPv6 prefix lengths (CAN-2003-0429)
      [packet-isis-lsp.c]
    - Use a slightly larger buffer in print_tsap (CAN-2003-0432)
      [packet-clnp.c]
    - Check snprintf return value correctly (CAN-2003-0432)
      [packet-isakmp.c, packet-wsp.c, packet-ieee80211.c, packet-dns.c]
    - Fix buffer overflows on szInfo buffer (CAN-2003-0432)
      [packet-wtp.c]
    - Use consistent buffer size for valString (CAN-2003-0432)
      [packet-wsp.c]
    - Use a GString to avoid all sorts of dangerous buffer handling with
      strcat, sprintf, strncpy (CAN-2003-0432)
      [packet-isis-clv.c, packet-dns.c, packet-bgp.c]

 -- Matt Zimmerman  Mon, 16 Jun 2003 22:57:46 -0400

ethereal (0.9.4-1woody4) stable-security; urgency=low

  * Non-maintainer upload by the Security Team
  * Fix buffer overflow in tvb_get_nstringz* [epan/tvbuff.c]
  * Fix integer overflows [packet-ppp.c, packet-mount.c]
  * Update usage of tvb_get_nstringz* to match new semantics
    [packet-aim.c, packet-smb-browse.c, packet-pptp.c]

 -- Matt Zimmerman  Sun, 25 May 2003 13:01:59 -0400

ethereal (0.9.4-1woody3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Fixed an exploitable format string vulnerability (CAN-2003-0081)

 -- Martin Schulze  Thu, 27 Feb 2003 17:44:01 +0100

ethereal (0.9.4-1woody2) stable-security; urgency=high

  * Non-maintainer upload by security team
  * Applied upstream patch to fix a buffer overflow in ISIS dissector,
    denoted as "Use a GString to hold the formatted area address, so that
    we don't overflow a fixed-length buffer."
    (see http://www.ethereal.com/appnotes/enpa-sa-00006.html,
    CAN-2002-0834)

 -- Martin Schulze  Fri, 23 Aug 2002 10:11:16 +0200

ethereal (0.9.4-1woody1) testing-security; urgency=high

  * Fixes security issues (backport from 0.9.5):
    - The BGP dissector is vulnerable to a buffer overflow.
    - The WCP (Wellfleet Compression Protocol) dissector is vulnerable to
      buffer overflows in large (> 2048 byte) frames.
    - The SOCKS, RSVP, AFS and LMP dissectors are susceptible to core
      dumps.
    (see http://www.ethereal.com/appnotes/enpa-sa-00005.html)

 -- Frederic Peters  Mon, 8 Jul 2002 15:46:54 +0200

ethereal (0.9.4-1) unstable; urgency=medium

  * New upstream release.
  * Fixes four security issues. (closes: #147595)
    (http://www.ethereal.com/appnotes/enpa-sa-00004.html)

 -- Frederic Peters  Mon, 20 May 2002 01:10:21 +0200

ethereal (0.9.3-1) unstable; urgency=medium

  * New upstream release
  * Fixes ASN.1 zero-length g_malloc that could lead to security problems.
    (see http://www.ethereal.com/appnotes/enpa-sa-00003.html)

 -- Frederic Peters  Sun, 31 Mar 2002 21:45:11 +0200

ethereal (0.9.2-3) unstable; urgency=low

  * debian/rules: fixed typo that could have caused snmp not to be built.
    (closes: #140147)
    This would happen if 1) built from the CVS tree and 2) built on a
    system without libsnmp-dev ("impossible" since we build-depend on it).
    Anyway it is fixed for correctness.

 -- Frederic Peters  Wed, 27 Mar 2002 14:00:31 +0100

ethereal (0.9.2-2) unstable; urgency=low

  * Added libwiretap.a to ethereal-dev (closes: #137971)

 -- Frederic Peters  Tue, 12 Mar 2002 11:59:04 +0100

ethereal (0.9.2-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Tue, 5 Mar 2002 10:30:24 +0100

ethereal (0.9.1-8) unstable; urgency=low

  * debian/control: changed ethereal-dev section to devel.

 -- Frederic Peters  Mon, 25 Feb 2002 14:50:49 +0100

ethereal (0.9.1-7) unstable; urgency=low

  * debian/control: changed ethereal-dev Depends line to use
    omniidl-python and no omniorb.

 -- Frederic Peters  Mon, 25 Feb 2002 13:47:42 +0100

ethereal (0.9.1-6) unstable; urgency=low

  * debian/control: fix Depends line for ethereal-dev (added libpcap-dev)
  * idl2eth: added PYTHONPATH so that it runs.

 -- Frederic Peters  Mon, 18 Feb 2002 11:48:01 +0100

ethereal (0.9.1-5) unstable; urgency=low

  * debian/rules: added --disable-ssl so that ethereal is not built with
    ssl support and may be uploaded to main. (closes: #134273)

 -- Frederic Peters  Mon, 18 Feb 2002 09:33:30 +0100

ethereal (0.9.1-4) unstable; urgency=low

  * debian/rules: added forgotten header files to ethereal-dev.
    (really closes: #105916)

 -- Frederic Peters  Fri, 15 Feb 2002 10:12:15 +0100

ethereal (0.9.1-3) unstable; urgency=low

  * debian/rules: after the quick and dirty repackaging of 0.9.1-1 this
    one should be much better: 4 packages: ethereal-common, ethereal,
    tethereal and ethereal-dev (last three depending on ethereal-common).
    This should address Christian Kurz remarks.
    (closes: #133798, #133796, #133806)
    This should also please W. Borgert. (closes: #105916)

 -- Frederic Peters  Wed, 13 Feb 2002 20:36:12 +0100

ethereal (0.9.1-2) unstable; urgency=low

  * debian/control: fixed typo in tethereal description (closes: #133019)

 -- Frederic Peters  Fri, 8 Feb 2002 23:55:49 +0100

ethereal (0.9.1-1) unstable; urgency=low

  * New upstream release.
  * Fixed protocol hierarchy display (closes: #131676)
  * It is possible to see TOS fields instead of DS fields in IP header.
    (option in preferences dialog) (closes: #121046)
  * debian/rules: totally revamped build process: create an additional
    tethereal package that doesn't depend on GTK+ (closes: #103488)
    It is not yet perfect but I'm working on it...

 -- Frederic Peters  Mon, 28 Jan 2002 18:25:25 +0100

ethereal (0.9.0-1) unstable; urgency=low

  * New upstream release.
  * Upstream fixed SNMP bugs (closes: #114361, #119580)
  * Upstream fixed Sender->Receiver bug (closes: #112327)
  * debian/copyright: fixed 'license' spelling.
  * debian/rules: fixed 'clean' target to remove temporary files.
  * debian/rules: moved $sysconfdir to /usr/share/ethereal since
    $sysconfdir is not used here to store config files. (closes: #127638)

 -- Frederic Peters  Thu, 3 Jan 2002 19:43:18 +0100

ethereal (0.8.20-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Fri, 19 Oct 2001 10:49:35 +0200

ethereal (0.8.19-2) unstable; urgency=low

  * debian/rules: added call to libtoolize so that it compiles on hppa.
    (closes: #108662)

 -- Frederic Peters  Mon, 17 Sep 2001 14:23:34 +0200

ethereal (0.8.19-1) unstable; urgency=low

  * New upstream release.
  * debian/control: improved description of package. (closes: #104744)

 -- Frederic Peters  Sat, 14 Jul 2001 11:57:12 +0200

ethereal (0.8.17-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Fri, 13 Apr 2001 13:33:35 +0200

ethereal (0.8.16-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Thu, 8 Mar 2001 09:07:34 +0100

ethereal (0.8.15-2) unstable; urgency=low

  * Rebuilt against libsnmp4.2 (closes: #83720)
  * It is possible to not go in promiscuous mode (-p) (actually it was for
    some time...) (closes: #34376)

 -- Frederic Peters  Sat, 27 Jan 2001 13:39:05 +0100

ethereal (0.8.15-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sat, 13 Jan 2001 19:36:26 +0100

ethereal (0.8.14-2) unstable; urgency=low

  * Fix for the socks dissector. (closes: #81164)
    (patch by Jeff Foster)

 -- Frederic Peters  Thu, 11 Jan 2001 00:27:02 +0100

ethereal (0.8.14-1) unstable; urgency=low

  * New upstream release.
  * Officially fixes the buffer overflow exploit mentioned below (as well
    as other possible ones)

 -- Frederic Peters  Tue, 21 Nov 2000 22:48:16 +0100

ethereal (0.8.13-3) unstable; urgency=low

  * Fixed possible buffer overflow exploit in packet-afs.c
    (I could not reproduce it so I don't know if my fix really works,
    please test it) (exploit is on http://www.hacksware.com)

 -- Frederic Peters  Tue, 21 Nov 2000 22:47:59 +0100

ethereal (0.8.13-2) unstable; urgency=low

  * Rebuilt against XFree86 4.0 libs (now that I'm allowed to...)
  * Rebuilt against zlibg1 1.1.13-1 that has a correct shlibs file
    (closes: #76533, #76552)

 -- Frederic Peters  Fri, 10 Nov 2000 17:39:40 +0100

ethereal (0.8.13-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sun, 29 Oct 2000 23:58:38 +0100

ethereal (0.8.12-1) unstable; urgency=low

  * New upstream release.
  * Patch for SRVLOC frames has been applied upstream.

 -- Frederic Peters  Mon, 18 Sep 2000 10:22:27 +0200

ethereal (0.8.11-1) unstable; urgency=low

  * New upstream release.
  * Applied patch to fix hang on some SRVLOC frames (closes: #68024)

 -- Frederic Peters  Thu, 10 Aug 2000 21:06:52 +0200

ethereal (0.8.10-1) unstable; urgency=low

  * New upstream release.
  * Added debhelper to Build-depends (closes: #66391)

 -- Frederic Peters  Tue, 11 Jul 2000 22:36:45 +0200

ethereal (0.8.9-2) unstable; urgency=low

  * Updated Build-depends to match libsnmp (closes: #66018)
    (it's the same entry as for 0.8.7-2; I need some sleep)

 -- Frederic Peters  Thu, 22 Jun 2000 23:59:29 +0200

ethereal (0.8.9-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Tue, 20 Jun 2000 14:17:00 +0200

ethereal (0.8.8-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Wed, 10 May 2000 17:20:36 +0200

ethereal (0.8.7-2) unstable; urgency=low

  * Updated Build-depends to match libsnmp (closes: #63753)

 -- Frederic Peters  Mon, 8 May 2000 19:02:29 +0200

ethereal (0.8.7-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Mon, 17 Apr 2000 18:41:21 +0200

ethereal (0.8.6-1) unstable; urgency=low

  * New upstream release.
  * Linked against libsnmp4.1 (closes: #62324)

 -- Frederic Peters  Fri, 14 Apr 2000 19:45:53 +0200

ethereal (0.8.4-1) unstable; urgency=low

  * New upstream release.
  * Applied fix for correct decapsulation of PPP frames (closes: #59663)
    (patch provided by Thomas Quinot)

 -- Frederic Peters  Sun, 5 Mar 2000 20:04:11 +0100

ethereal (0.8.3-1) unstable; urgency=low

  * New upstream release.
  * Checked PPTP problems (fix was introduced in 0.8.2) (closes: #55347)

 -- Frederic Peters  Sat, 5 Feb 2000 23:51:26 +0100

ethereal (0.8.2-2) unstable; urgency=low

  * debian/control: fixed Build-Depends line (closes: #56707)

 -- Frederic Peters  Mon, 31 Jan 2000 19:29:21 +0100

ethereal (0.8.2-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sat, 29 Jan 2000 01:53:50 +0100

ethereal (0.8.1-2) unstable; urgency=low

  * debian/control: added Build-Depends
  * debian/control: modified description to match the README file
  * debian/rules: added --disable-static to ./configure
  * compiled with SNMP support (through libsnmp)

 -- Frederic Peters  Thu, 20 Jan 2000 18:30:40 +0100

ethereal (0.8.1-1) unstable; urgency=low

  * New upstream release.
  * Fixed duplicate manpage installation. (closes: #55438)

 -- Frederic Peters  Wed, 19 Jan 2000 09:29:56 +0100

ethereal (0.8.0-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sat, 1 Jan 2000 23:50:44 +0100

ethereal (0.7.9-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sat, 25 Dec 1999 00:55:00 +0100

ethereal (0.7.7-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Fri, 29 Oct 1999 14:09:01 +0200

ethereal (0.7.3-2) unstable; urgency=low

  * Fixed debian/rules to work with the new debhelper that create FHS
    compliant packages. (Fixes: #44613)

 -- Frederic Peters  Thu, 9 Sep 1999 18:29:12 +0200

ethereal (0.7.3-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sun, 5 Sep 1999 20:06:10 +0200

ethereal (0.7.2-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sat, 14 Aug 1999 18:32:28 +0200

ethereal (0.7.1-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sat, 7 Aug 1999 16:29:03 +0200

ethereal (0.6.3-2) unstable; urgency=low, closes=41908

  * Renamed NEWS to changelog since this is the upstream ChangeLog
    (fixes bug #41908)

 -- Frederic Peters  Tue, 27 Jul 1999 20:19:28 +0200

ethereal (0.6.3-1) unstable; urgency=low

  * New upstream release.
  * Moved directories to comply with FHS (and Standards 3.0.0)

 -- Frederic Peters  Sat, 24 Jul 1999 00:36:46 +0200

ethereal (0.6.2-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Tue, 25 May 1999 16:47:08 +0200

ethereal (0.6.1-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sun, 2 May 1999 23:30:38 +0200

ethereal (0.5.1-3) unstable; urgency=low

  * Fixed package building (Bug#35657)
    (report and patch from bartw@xs4all.nl)

 -- Frederic Peters  Sat, 10 Apr 1999 19:20:29 +0200

ethereal (0.5.1-2) unstable; urgency=low

  * Compiled against libgtk1.2
  * Moved /usr/etc/manuf to /etc/manuf (it's now lintian clean)

 -- Frederic Peters  Mon, 8 Mar 1999 22:33:04 +0100

ethereal (0.5.1-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sat, 9 Jan 1999 16:51:28 +0100

ethereal (0.5.0-2) unstable; urgency=low

  * Fixed package building (Bug#30110)

 -- Frederic Peters  Thu, 3 Dec 1998 13:15:53 +0100

ethereal (0.5.0-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Tue, 24 Nov 1998 16:04:15 +0100

ethereal (0.4.0-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Sat, 17 Oct 1998 17:20:01 +0200

ethereal (0.3.17-1) unstable; urgency=low

  * New upstream release.

 -- Frederic Peters  Tue, 29 Sep 1998 20:01:11 +0200

ethereal (0.3.16-2) unstable; urgency=low

  * New versions aren't just for Alpha people :) (fixes #26914)

 -- Frederic Peters  Fri, 25 Sep 1998 17:03:39 +0200

ethereal (0.3.16-1) unstable; urgency=low

  * New upstream version

 -- Frederic Peters  Sat, 19 Sep 1998 10:55:48 +0200

ethereal (0.3.15-1.1) unstable; urgency=low

  * non-maintainer upload for Alpha
  * GTK cflags and library flags were not passed to the compiler.

 -- Paul Slootman  Mon, 21 Sep 1998 22:49:32 +0200

ethereal (0.3.15-1) unstable; urgency=low

  * Initial Release.

 -- Frederic Peters  Sun, 13 Sep 1998 23:05:47 +0200