• Bug#1107515: wireshark: CVE-2025-5601

    From Salvatore Bonaccorso@21:1/5 to All on Sun Jun 8 16:00:01 2025
    Source: wireshark
    Version: 4.4.6-2
    Severity: grave
    Tags: security upstream
    Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/20509
    X-Debbugs-Cc: s, carnil@debian.org, Debian Security Team <team@security.debian.org>
    Control: fixed -1 4.4.7-0exp1

    Hi,

    The following vulnerability was published for wireshark.

    Note, technically not necessarily RC level, but we should try to get
    this fixed in trixie before the trixie release. It is already fixed in
    experimental via the 4.4.7-0exp1 upload.

    CVE-2025-5601[0]:
    | Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to
    | 4.2.12 allows denial of service via packet injection or crafted
    | capture file


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-5601
    https://www.cve.org/CVERecord?id=CVE-2025-5601
    [1] https://www.wireshark.org/security/wnpa-sec-2025-02.html
    [2] https://gitlab.com/wireshark/wireshark/-/issues/20509

    Please adjust the affected versions in the BTS as needed.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Sun Jun 8 16:00:01 2025
    Processing control commands:

    fixed -1 4.4.7-0exp1
    Bug #1107515 [src:wireshark] wireshark: CVE-2025-5601
    Marked as fixed in versions wireshark/4.4.7-0exp1.

    --
    1107515: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107515
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Tue Jun 10 18:40:01 2025
    Your message dated Tue, 10 Jun 2025 16:36:00 +0000
    with message-id <E1uP1xA-00FKqQ-FG@fasolo.debian.org>
    and subject line Bug#1107515: fixed in wireshark 4.4.7-1
    has caused the Debian Bug report #1107515,
    regarding wireshark: CVE-2025-5601
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)

