Debian Patches
Status for wireshark/4.0.17-0+deb12u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 09_idl2wrs.patch | Do not try to locate wireshark_be.py and wireshark_gen.py in non-standard places. |
Frederic Peters <fpeters@debian.org> | no | 2019-12-22 | ||
| 0004-Use-packaged-JS-and-CSS-resources-instead-of-pulling.patch | Use packaged JS and CSS resources instead of pulling them from the Internet | Balint Reczey <balint.reczey@canonical.com> | no | 2019-03-10 | ||
| 0001-DOCSIS-Extended-EH-Elements-are-not-recursive.patch | DOCSIS: Extended EH Elements are not recursive Extended EH Elements, which are still not defined as of DOCSIS 4.0 and must be ignored (CM-SP-MULPIv4.0-I08-231211), are not recursive but instead have a full byte each for type and length instead of a nibble, allowing specifying more than 15 extended header types or extended header types with length longer than 15. Increment the position for the first type/length byte to make the logic more straightforward. Part of #19557 (backported from commit 77b0583568836554bd51ee8fde54ba5a3d000c0e) |
John Thacker <johnthacker@gmail.com> | no | 2024-01-01 | ||
| CVE-2024-11596.patch | ECMP: Exorcise a string buffer arithmetic gremlin Use a wmem_strbuf instead of manually allocating a string and managing its offsets. Avoid appending a dangling space to our string. Fixes #20214 (cherry picked from commit c8e58870733f88f275ca9a6fa115ed085f987d94) Conflicts: epan/dissectors/packet-ecmp.c |
Gerald Combs <gerald@wireshark.org> | no | https://gitlab.com/wireshark/wireshark/-/merge_requests/18076/diffs?commit_id=06e0b0bb0925fe4b99cfb7243cce473031b09dee | 2024-11-14 | |
| CVE-2025-5601.patch | column: Do not allow fence to go beyond column size when prepending When moving the fence location forward when prepending, ensure that it does not go past the end of the buffer. Also get rid of unnecessary branching and strlen calls. Fix #20509 (cherry picked from commit 53213086304caa3dfbdd7dc39c2668a3aea1a5c0) |
John Thacker <johnthacker@gmail.com> | no | https://gitlab.com/wireshark/wireshark/-/merge_requests/18076/diffs?commit_id=8c186dbb381cf51064fa8dbff7953468d5ae394c | 2025-04-26 | |
| CVE-2024-9781.patch | AppleTalk: Make sure we have valid addresses Make sure ATP, ZIP, and ASP have valid addresses. Use sizeof instead of a hard-coded value in a few places. Fixes #20114 (cherry picked from commit 3de741321f85c205c0a8266c40f33cb0013bd1d2) |
Gerald Combs <gerald@wireshark.org> | no | https://gitlab.com/wireshark/wireshark/-/commit/418fd5fe4b5934e8a4f53053c1de7bb94dba3811 | 2024-10-08 | |
| CVE-2025-9817.patch | ssh: Add a null check Fix #20642 (cherry picked from commit 39daba5e247ea495f88b0be82f0b7ebbdbf50fba) |
John Thacker <johnthacker@gmail.com> | no | https://gitlab.com/wireshark/wireshark/-/merge_requests/20668 | 2025-07-26 | |
| CVE-2025-11626.patch | Mongo: Avoid infinite loop in dissect_op_msg_section If the size of a a OP_MSG data section is indicated as -1, that leads to advancing the offset by section_len + 1, or zero, which causes an infinite loop. The total message and section lengths in Mongo are signed int32s; it is impossible for them to be negative, and impossible for the section length to be INT_MAX (since the message length includes the length of the four byte headers and flag bits.) Throw an error to avoid the offset moving backwards, an infinite loop, or signed integer overflow. Also update some URLs to their new locations. Fix #20724. (backported from commit 1ec4709cab382f7077ba66d2e382c2e75ce335c1) |
John Thacker <johnthacker@gmail.com> | no | https://gitlab.com/wireshark/wireshark/-/merge_requests/21448 | 2025-09-22 | |
| CVE-2025-13499.patch | Kafka: Fix decompress_snappy with no xerial chunks. Instead of returning true without setting outputs, report a failure to decompress and return false to the caller. Fix #20823 (cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e) |
Darius Davis <darius-wireshark@free-range.com.au> | no | https://gitlab.com/wireshark/wireshark/-/merge_requests/22048 | 2025-10-25 | |
| CVE-2025-13945.patch | epan: Use a GSequence for tvb_composite and make it non-recursive To speed up tvb_composites consisting of many child tvbuffs, use a GSequence. This is a data structure that internally has a balanced binary tree. It differs from GTree in that one can do initial insertions without sorting. In our case, the ordering at the time of tvb_composite_finalize is *the* ordering, and is the same ordering that comparing according to the calculated end offsets will have, so this is faster on insert than a GTree. Like a GTree, it is much faster O(log N) vs O(N) on lookup to find the location of the TVB with end offset greater than or equal to the desired offset than using a GQueue. Also, make composite_memcpy iterative instead of recursive, which removes the current hard limit of 500 without causing stack overflow with very large numbers of child TVBs. The file in #20860 works fine now but there could still be limits imposed (at least on the total number of bytes?) for a compression bomb more similar to the file found in #12077. (backported from commit 9139917bd8e2c80a5db7079993d5528db74e3519) |
John Thacker <johnthacker@gmail.com> | no | https://gitlab.com/wireshark/wireshark/-/merge_requests/22318 | 2025-11-14 | |
| CVE-2025-13946.patch | MEGACO: Handle tvb_get_uint8 returning -1 When dissecting a media descriptor, handle tvb_get_uint8 returning -1 when searching for a left or right bracket and not finding it by setting the bracket offset to the end offset so that the loop will exit. Leaving it at -1 can cause going backwards and at worst infinite loops. Fix #20884 (cherry picked from commit aba1fbe6266beb6bf9b887b6eab008e4f4841c9b) |
AndersBroman <a.broman58@gmail.com> | no | https://gitlab.com/wireshark/wireshark/-/merge_requests/22553 | 2025-12-01 | |
| CVE-2026-0960.patch | QUIC: Update reassembly ID for a new MSP When a QUIC frame has more than one MSP, the reassembly id for the second MSP has to be used when adding or looking it up, instead of the original reassembly id of the first MSP. Fixes reassembly of the file in #20944 in most cases, outside of issues with out of order UDP packets / QUIC packets. (cherry picked from commit 562c3c070c6f58d01904d42338489b1a64ad7655) |
John Thacker <johnthacker@gmail.com> | no | https://gitlab.com/wireshark/wireshark/-/merge_requests/23175 | 2026-01-12 | |
| CVE-2025-1492.patch | wscbor: Add a recursion check Blind-ish attempt at fixing #20373 (cherry picked from commit 83c73a83ad9ec7baa4bbf06d6da9cdd91009d5ed) Conflicts: epan/wscbor.c |
Gerald Combs <gerald@wireshark.org> | no | https://gitlab.com/wireshark/wireshark/-/merge_requests/19002 | 2025-02-05 |
All known versions for source package 'wireshark'
- 4.6.5-1 (sid)
- 4.6.4-1 (forky)
- 4.4.14-0+deb13u1 (trixie)
- 4.4.13-0+deb13u1 (trixie-security)
- 4.0.17-0+deb12u2 (bookworm-proposed-updates)
- 4.0.17-0+deb12u1 (bookworm)
- 4.0.11-1~deb12u1 (bookworm-security)