Bug 152890 - ethereal CAN-2004-1139-42,2005-0006-10,2005-0084 vulns
Keywords:
Status: CLOSED DUPLICATE of bug 152922
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: ethereal
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: 1, LEGACY, rh73, rh90
Depends On:
Blocks:
Reported: 2005-01-31 15:54 UTC by David Lawrence
Modified: 2007-04-18 17:22 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-16 10:38:52 UTC
Embargoed:



Description David Lawrence 2005-03-30 23:31:07 UTC
a bunch of vulns have been reported in ethereal.  many of these aren't relevant
to the legacy versions, but some are:
CAN-2004-1139
CAN-2004-1140
CAN-2004-1141
CAN-2004-1142
CAN-2005-0006
CAN-2005-0007
CAN-2005-0008
CAN-2005-0009
CAN-2005-0010
CAN-2005-0084



------- Additional Comments From michal 2005-02-07 13:38:27 ----

After current updates Red Hat is using basically the same 0.10.9 source across
the board from RHEL2 to FC3.  ethereal-0.10.9-1.AS21.1.src.rpm includes
ethereal.wmconfig, the same one as ethereal-0.10.3-0.73.3.legacy.src.rpm,
while ethereal-0.10.9-1.FC{2,3}.1.src.rpm have ethereal.console,
ethereal.desktop, ethereal.pam and ethereal.png instead.  Also, legacy
specs have a more extensive list of Requires/BuildRequires.  Apart from other
minor spec details, that is it.

There are no issues with recompiling ethereal-0.10.9-1.AS21.1.src.rpm, with
a slightly adjusted spec file, on RH7.3



------- Additional Comments From marcdeslauriers 2005-02-09 13:51:15 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated ethereal packages to QA:

Changelog 7.3:
* Mon Feb 07 2005 Marc Deslauriers <marcdeslauriers>
0.10.9-0.73.1.legacy
- - Updated to 0.10.9 to fix multiple security issues (FL#2407)
- - Modified configure parameters
- - Added gcc patch

Changelog 9:
* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers>
0.10.9-0.90.1.legacy
- - Updated to 0.10.9 to fix multiple security issues (FL#2407)
- - Modified configure parameters

Changelog fc1:
* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers>
0.10.9-1.FC1.1.legacy
- - Updated to 0.10.9 to fix multiple security issues (FL#2407)
- - Added htmlview patch
- - Changed BuildRequires to gtk2

7.3:
c59f69fa5aee10aefb80df36351f0bf8cd10ffd0  ethereal-0.10.9-0.73.1.legacy.i386.rpm
9902d66fc5fe8b408d5afa199eb9d7bc0a0a9534  ethereal-0.10.9-0.73.1.legacy.src.rpm
18275240b94a001adfddcfb7662969057b5d300d  ethereal-gnome-0.10.9-0.73.1.legacy.i386.rpm

9:
b16a536ce9323e490b999c6a561eacca07073e93  ethereal-0.10.9-0.90.1.legacy.i386.rpm
b8f09cd2d6e5387340873c57eb307dede62aa374  ethereal-0.10.9-0.90.1.legacy.src.rpm
71224a0aef1dc676e21a5687aa4f14795df61350  ethereal-gnome-0.10.9-0.90.1.legacy.i386.rpm

fc1:
b29ed985aa799af2aae158bde72bc0b2596ca162  ethereal-0.10.9-1.FC1.1.legacy.i386.rpm
cc4f1bd1cf3e23c8f1b6813e4cd852030fa03a27  ethereal-0.10.9-1.FC1.1.legacy.src.rpm
30316d6dd8581aed8149bfd6cf0c8369937a5fa5  ethereal-gnome-0.10.9-1.FC1.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-0.10.9-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-0.10.9-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-gnome-0.10.9-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-0.10.9-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-0.10.9-0.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-gnome-0.10.9-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-0.10.9-1.FC1.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-0.10.9-1.FC1.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-gnome-0.10.9-1.FC1.1.legacy.i386.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCCqIXLMAs/0C4zNoRAs8MAJ9rMK1yMuCw+BLb2+m07NK5ko3Z3QCffJE+
Yt6MDJmnQ94UmA2L8KE9Epc=
=CW/i
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2005-02-10 14:08:41 ----

Red Hat's advisory:
https://rhn.redhat.com/errata/RHSA-2005-011.html



------- Additional Comments From pekkas 2005-02-15 08:09:04 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
 - verified that the source tarballs have the correct signature
 - spec file changes non-trivial, but still OK
 - minor patches (compilation, htmlview, etc.) are reasonable

+PUBLISH RHL9, RHL73, FC1

9902d66fc5fe8b408d5afa199eb9d7bc0a0a9534  ethereal-0.10.9-0.73.1.legacy.src.rpm
b8f09cd2d6e5387340873c57eb307dede62aa374  ethereal-0.10.9-0.90.1.legacy.src.rpm
ce509b18922d8eefc4d4853fe0bbd97a6ad02ffd  ethereal-0.10.9-1.AS21.1.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCEjqrGHbTkzxSL7QRAi+nAJ9NROy7OdwgN70Wjvc1iTS8XE4qmACgjs4I
ZVmeIpfrqwORdFWLKJYuNxw=
=Eq6t
-----END PGP SIGNATURE-----



------- Additional Comments From marcdeslauriers 2005-02-23 17:59:03 ----

Packages were pushed to updates-testing



------- Additional Comments From pekkas 2005-02-26 03:20:43 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for RHL9 and RHL73 (non-gnome) RPM:
 - rpm-build-compare.sh for the binaries looks reasonable (but huge due to
the text differences) (RHL9 only)
 - installs OK
 - tethereal seems to run OK

+VERIFY RHL9, RHL73

fce29e1fdc627835a8ae16ec787fef0e8dfd428a  ethereal-0.10.9-0.90.2.legacy.i386.rpm
ee03b51a09f7d324ed7377ebdd88e6412183606d  ethereal-gnome-0.10.9-0.90.2.legacy.i386.rpm
bf5ae992795eed466b9e005fd4d14e1f38bfd185  ethereal-0.10.9-0.73.2.legacy.i386.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCIHefGHbTkzxSL7QRAh7SAJ97IclGHXbL0xCqlb0aI4xJr9EyQQCglKxl
D4LEwfkCYGCU3rf35jrKYI8=
=trLi
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas 2005-03-18 06:01:30 ----

A slew of new issues found, continuing tracking Ethereal in #2453.

If FC1 gets the missing VERIFY vote before the new packages in #2453 go forward,
I guess we could publish two packages.



------- Additional Comments From rob.myers.edu 2005-03-18 11:17:04 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

i did QA on the FC1 ethereal package:

7be37b8141a229d5285f6bf09f9667555693e85e  ethereal-0.10.9-1.FC1.2.legacy.i386.rpm
0c1ed87b9ae7f513b9a224e57d2579f333dcda07  ethereal-gnome-0.10.9-1.FC1.2.legacy.i386.rpm

sha1sums ok
gpg signatures ok
runs fine

+VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCO0SdtU2XAt1OWnsRAhemAJ9V0d7Wmw3ZxbJ6wYCIy/zq4cf3hQCgi3Gq
lTX21bZ+dNx2FFe1EKWhPl8=
=jroC
-----END PGP SIGNATURE-----
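
The "sha1sums ok" check reported in the QA comments can be scripted. This is an added example, not part of the original thread or of the Fedora Legacy tooling: it extracts a checksum list from pasted comment text, including entries that a tracker or mail client has wrapped onto two lines, and feeds it to `sha1sum -c`. The function names and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: names and sample data below are constructed, not from the bug.

# Read pasted comment text on stdin and print one "sha1  name" line per entry.
# An entry may be wrapped so that the hash and the file name are on two lines.
# Only plain *.rpm names are accepted, so a name containing "/" cannot point
# the later check outside the download directory.
normalize_manifest() {
    awk '
        function is_sha1(s) { return length(s) == 40 && s !~ /[^0-9a-f]/ }
        function is_name(s) { return s ~ /^[A-Za-z0-9._+-]+\.rpm$/ }
        pending != "" && NF == 1 && is_name($1) {
            print pending "  " $1; pending = ""; next
        }
        { pending = "" }
        NF == 2 && is_sha1($1) && is_name($2) { print $1 "  " $2; next }
        NF == 1 && is_sha1($1) { pending = $1 }
    '
}

# verify_packages COMMENT_FILE DIR
# Exit status 0 only if every listed package exists in DIR and matches.
# The body runs in a subshell, so the cd does not affect the caller.
verify_packages() (
    manifest=$(normalize_manifest < "$1")
    [ -n "$manifest" ] || { echo "no checksum entries found" >&2; exit 2; }
    cd "$2" || exit 2
    printf '%s\n' "$manifest" | sha1sum -c -
)

# Constructed sample comment; the second entry is wrapped onto two lines.
sample_comment() {
    cat <<'EOF'
Hash: SHA1

0123456789abcdef0123456789abcdef01234567  example-1.0-1.legacy.i386.rpm
89abcdef0123456789abcdef0123456789abcdef 
example-gnome-1.0-1.legacy.i386.rpm

+VERIFY
EOF
}

sample_comment | normalize_manifest
```

The list is only as trustworthy as the comment it came from, so check the clearsigned message with `gpg --verify` before relying on it.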




------- Bug moved to this database by dkl 2005-03-30 18:31 -------

This bug previously known as bug 2407 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2407
Originally filed under the Fedora Legacy product and Package request component.
Bug depends on bug(s) 2453.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, dkl.
   Previous reporter was bugzilla.fedora.us.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.



Comment 1 Pekka Savola 2005-05-16 10:38:52 UTC
These issues are tracked in the other PR.

*** This bug has been marked as a duplicate of 152922 ***

