This fixes the following CVEs:
- CVE-2020-9428:
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
the EAP dissector could crash. This was addressed in
epan/dissectors/packet-eap.c by using more careful sscanf parsing.
- CVE-2020-9429:
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.
This was addressed in epan/dissectors/packet-wireguard.c by
handling the situation where a certain data structure intentionally
has a NULL value.
- CVE-2020-9430:
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
the WiMax DLMAP dissector could crash.
This was addressed in plugins/epan/wimax/msg_dlmap.c by validating
a length field.
- CVE-2020-9431:
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
the LTE RRC dissector could leak memory. This was addressed in
epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-3.2.1.txt
-sha1 d0b8eb3e01264afb98ec151d7114ed14cf174ced wireshark-3.2.1.tar.xz
-sha256 589f640058d6408ebbd695a80ebbd6e7bd99d8db64ecda253d27100dfd27e85b wireshark-3.2.1.tar.xz
+# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-3.2.2.txt
+sha1 9cc54a56e9c2ed77e1bc436d9ae2f7bba68d26f8 wireshark-3.2.2.tar.xz
+sha256 5f5923ef4c3fee370ed0ca1bb324f37c246015eba4a7e74ab95d9208feeded79 wireshark-3.2.2.tar.xz
# Locally calculated
sha256 7cdbed2b697efaa45576a033f1ac0e73cd045644a91c79bbf41d4a7d81dac7bf COPYING
#
################################################################################
-WIRESHARK_VERSION = 3.2.1
+WIRESHARK_VERSION = 3.2.2
WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.xz
WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
WIRESHARK_LICENSE = wireshark license
projects / buildroot.git / commitdiff