tcpdump (3.6.2-2.9) oldstable-security; urgency=high

  * Security upload
  * Backport change from upstream CVS to fix BGP infinite loop vulnerability
    [print-bgp.c, CAN-2005-1279]

 -- Romain Francoise  Wed, 27 Apr 2005 21:21:57 +0200

tcpdump (3.6.2-2.8) stable-security; urgency=high

  * Backport changes from upstream CVS to fix ISAKMP payload handling
    denial-of-service vulnerabilities (CAN-2004-0183, CAN-2004-0184).
    Detailed changes (with corresponding upstream revisions):
     + Add length checks in isakmp_id_print() (print-isakmp.c, rev. 1.47)
     + Add data checks all over the place, change rawprint() prototype and
       add corresponding return value checks (print-isakmp.c, rev. 1.46)
     + Add missing ntohs() and change length initialization in
       isakmp_id_print(), not porting prototype changes (print-isakmp.c,
       rev. 1.45)

 -- Romain Francoise  Tue, 6 Apr 2004 19:39:24 +0200

tcpdump (3.6.2-2.7) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Recap and correct 3.6.2-2.[56] in light of new CAN assignments:
    - print-radius.c: backport another potential overflow fix from upstream
      CVS, version 1.23->1.24 (CAN-2004-0055)
    - print-isakmp.c: backport potential overflow fixes from upstream CVS
      versions 1.38->1.39 (CAN-2003-0989) and 1.41->1.42 (CAN-2004-0057)
    - print-l2tp.c: backport potential overflow fixes from upstream CVS
      versions 1.16->1.17 (CAN-2003-1029)

 -- Matt Zimmerman  Thu, 15 Jan 2004 11:16:48 -0800

tcpdump (3.6.2-2.6) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * print-radius.c: backport another potential overflow fix from upstream
    CVS, version 1.23->1.24

 -- Matt Zimmerman  Wed, 14 Jan 2004 09:12:09 -0800

tcpdump (3.6.2-2.5) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * print-isakmp.c: backport potential overflow fixes from upstream CVS
    versions 1.38->1.39 and 1.41->1.42 (CAN-2003-0989)
  * print-l2tp.c: backport potential overflow fixes from upstream CVS
    versions 1.16->1.17

 -- Matt Zimmerman  Wed, 14 Jan 2004 08:24:22 -0800

tcpdump (3.6.2-2.4) stable-security; urgency=low

  * Non-maintainer upload by security team
  * print-radius.c: Fix RADIUS decoder to avoid infinite loops on packets
    (including some valid packets)

 -- Matt Zimmerman  Fri, 28 Feb 2003 18:46:17 -0500

tcpdump (3.6.2-2.3) stable-security; urgency=high

  * Non-maintainer upload by security team
  * Added upstream patch to fix infinite loop when parsing ISAKMP
    (CAN-2003-0108) and BGP packets, and buffer overflow when parsing NFS
    packets

 -- Martin Schulze  Wed, 26 Feb 2003 21:53:08 +0100

tcpdump (3.6.2-2.2) stable-security; urgency=high

  * Non-maintainer upload by security team
  * Merge BGP decoding patch from SCO advisory CSSA-2002-050.0

 -- Wichert Akkerman  Fri, 22 Nov 2002 21:33:15 +0100

tcpdump (3.6.2-2.0.1) testing-security; urgency=high

  * Non-maintainer upload by security team
  * No longer use du_suidmanager, it's obsolete
  * Merge snaplen patch from RH (RH bugzilla #55145)

 -- Wichert Akkerman  Fri, 12 Jul 2002 15:40:30 +0200

tcpdump (3.6.2-2) unstable; urgency=HIGH

  * print-rx.c: Take the version from current CVS fixing the remote buffer
    overflow reported in FreeBSD Security Advisory SA-01:48 yesterday.
    Thanks to Matt Zimmerman for forwarding the report, I might have
    missed it.
  * debian/control: Clean the Build-Depends from build-essential packages.

 -- Torsten Landschoff  Thu, 19 Jul 2001 15:03:48 +0200

tcpdump (3.6.2-1) unstable; urgency=low

  * New upstream release.

 -- Torsten Landschoff  Tue, 6 Mar 2001 04:18:16 +0100

tcpdump (3.6.1-2) unstable; urgency=low

  * debian/rules: Force support for IPv6 (closes: #82665).
  * print-icmp6.c: Removed duplicate definition also in icmp6.h to get
    the package to compile with IPv6.
  * Rebuild should fix the missing libpcap0-dependency (closes: #82666).
    Additional info: The missing dependency was because the configure
    script found my libpcap sources in the parent directory.
    Black magic always works against you :(

 -- Torsten Landschoff  Thu, 18 Jan 2001 00:44:01 +0100

tcpdump (3.6.1-1) unstable; urgency=high

  * Taking back the package. Kudos to Anand for his help.
  * New upstream release. This release fixes a security hole in print-rx.c.
  * debian/rules: Disable crypto support (closes: #81969).
  * Removed empty README.Debian (closes: #81966).

 -- Torsten Landschoff  Tue, 16 Jan 2001 16:04:03 +0100

tcpdump (3.5.2-3) unstable; urgency=low

  * Fixup dependency stuff. Sheesh. (Closes: #78063, #78081, #78082)

 -- Anand Kumria  Tue, 28 Nov 2000 02:16:01 +1100

tcpdump (3.5.2-2) unstable; urgency=low

  * Update both config.guess and config.sub (Closes: #36692, #53145)
  * Oops, make the .diff available.
  * We require a particular libpcap version to work (Closes: #77877)

 -- Anand Kumria  Mon, 27 Nov 2000 01:13:55 +1100

tcpdump (3.5.2-1) unstable; urgency=low

  * New Maintainer
  * New upstream release (Closes: #75889)
  * Upstream added hex dump (-x) and ascii dump (-X)
    (Closes: #23514, #29418)
  * Acknowledge and incorporate security fixes (Closes: #63708, #77489)
  * Appletalk / Ethertalk patches are in (Closes: #67642)

 -- Anand Kumria  Wed, 22 Nov 2000 13:19:33 +1100

tcpdump (3.4a6-4.1) frozen unstable; urgency=high

  * Non-maintainer upload by security team
  * Apply patch from tcpdump-workers mailing list to fix DNS DoS attack
    against tcpdump. Based on patch from Guy Harris as found on
    http://www.tcpdump.org/lists/workers/1999/msg00607.html
  * Fix Build-Depends entry in debian/control

 -- Wichert Akkerman  Sun, 7 May 2000 15:17:33 +0200

tcpdump (3.4a6-4) unstable; urgency=low

  * New maintainer.
  * tcpdump.c (main): Reestablish privileges before closing the device
    (closes: #19959).
  * It seems the problem with ppp came from the kernel - I can dump
    packages on ppp0 just fine... (closes: #25757)
  * print-tcp.c (tcp_print): Applied patch from David S. Miller submitted
    by Andrea Arcangeli to fix tcpdump sack TCP option interpretation
    (closes: #28530).
  * print-bootp.c (rfc1048_print): Interpret timezone offset as signed
    (closes: #40376). Fixed byte order problem in printing internet
    addresses (closes: #40375). Thanks to Roderick Schertler for the patch.
  * Several files: Applied SMB patch from samba.org (closes: #27653).
  * print-ip.c (ip_print): Check for ip headers with less than 5 longs.
    Patch taken from RedHat's source package.
  * Redid debian/rules using debhelper.
  * Makefile.in: Install the manpage into man8 instead of man1.
  * tcpdump.1: Moved to section 8 (admin commands).
  * print-smb.c (print_smb): Disabled anything but printing the command
    info by default. Otherwise we would get flooded with smb information.
    You can get all info using -vvv. Two -v's will give you the SMB headers.
  * tcpdump.1: Documented the behaviour described above.

 -- Torsten Landschoff  Mon, 22 Nov 1999 01:31:44 +0100

tcpdump (3.4a6-3) frozen unstable; urgency=low

  * fixed permissions

 -- Peter Tobias  Mon, 30 Mar 1998 02:28:39 +0200

tcpdump (3.4a6-2) frozen unstable; urgency=low

  * rebuild with latest debmake, fixes #19415 (should also fix the
    lintian warnings)
  * updated standards-version

 -- Peter Tobias  Mon, 30 Mar 1998 00:28:39 +0200

tcpdump (3.4a6-1) unstable; urgency=low

  * updated to latest upstream version, fixes: Bug#17163
  * install changelog.Debian compressed, fixes: Bug#15417

 -- Peter Tobias  Sun, 1 Feb 1998 00:08:31 +0100

tcpdump (3.4a4-1) unstable; urgency=low

  * updated to latest upstream version
  * libc6 version

 -- Peter Tobias  Wed, 17 Sep 1997 23:22:54 +0200

tcpdump (3.3.1a2-1) frozen stable unstable; urgency=medium

  * updated to latest upstream version (works with new libpcap now)

 -- Peter Tobias  Sat, 24 May 1997 00:49:17 +0200

tcpdump (3.3-2) unstable; urgency=low

  * fixed SLIP support

 -- Peter Tobias  Sun, 16 Feb 1997 21:06:51 +0100

tcpdump (3.3-1) unstable; urgency=low

  * updated to latest upstream version

 -- Peter Tobias  Thu, 16 Jan 1997 01:34:00 +0100