Bug 152890 - ethereal CAN-2004-1139-42,2005-0006-10,2005-0084 vulns
ethereal CAN-2004-1139-42,2005-0006-10,2005-0084 vulns
Status: CLOSED DUPLICATE of bug 152922
Product: Fedora Legacy
Classification: Retired
Component: ethereal (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
1, LEGACY, rh73, rh90
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-01-31 10:54 EST by David Lawrence
Modified: 2007-04-18 13:22 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-16 06:38:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:31:07 EST
a bunch of vulns have been reported in ethereal.  many of these aren't relevant
to the legacy versions, but some are:
CAN-2004-1139
CAN-2004-1140
CAN-2004-1141
CAN-2004-1142
CAN-2005-0006
CAN-2005-0007
CAN-2005-0008
CAN-2005-0009
CAN-2005-0010
CAN-2005-0084



------- Additional Comments From michal@harddata.com 2005-02-07 13:38:27 ----

After current updates Red Hat is using basically the same 0.10.9 source across
the board from RHEL2 to FC3.  ethereal-0.10.9-1.AS21.1.src.rpm includes
ethereal.wmconfig, the same one as ethereal-0.10.3-0.73.3.legacy.src.rpm,
while ethereal-0.10.9-1.FC{2,3}.1.src.rpm have ethereal.console,
ethereal.desktop, ethereal.pam and ethereal.png instead.  Also legacy
specs have more extensive list of Requires/BuildRequires.  Apart of other
minor spec details that is it.

There are no issues with recompiling ethereal-0.10.9-1.AS21.1.src.rpm, with
a slightly adjusted spec file, on RH7.3



------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-09 13:51:15 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated ethereal packages to QA:

Changelog 7.3:
* Mon Feb 07 2005 Marc Deslauriers <marcdeslauriers@videotron.ca>
0.10.9-0.73.1.legacy
- - Updated to 0.10.9 to fix multiple security issues (FL#2407)
- - Modified configure parameters
- - Added gcc patch

Changelog 9:
* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers@videotron.ca>
0.10.9-0.90.1.legacy
- - Updated to 0.10.9 to fix multiple security issues (FL#2407)
- - Modified configure parameters

Changelog fc1:
* Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers@videotron.ca>
0.10.9-1.FC1.1.legacy
- - Updated to 0.10.9 to fix multiple security issues (FL#2407)
- - Added htmlview patch
- - Changed BuildRequires to gtk2

7.3:
c59f69fa5aee10aefb80df36351f0bf8cd10ffd0  ethereal-0.10.9-0.73.1.legacy.i386.rpm
9902d66fc5fe8b408d5afa199eb9d7bc0a0a9534  ethereal-0.10.9-0.73.1.legacy.src.rpm
18275240b94a001adfddcfb7662969057b5d300d 
ethereal-gnome-0.10.9-0.73.1.legacy.i386.rpm

9:
b16a536ce9323e490b999c6a561eacca07073e93  ethereal-0.10.9-0.90.1.legacy.i386.rpm
b8f09cd2d6e5387340873c57eb307dede62aa374  ethereal-0.10.9-0.90.1.legacy.src.rpm
71224a0aef1dc676e21a5687aa4f14795df61350 
ethereal-gnome-0.10.9-0.90.1.legacy.i386.rpm

fc1:
b29ed985aa799af2aae158bde72bc0b2596ca162  ethereal-0.10.9-1.FC1.1.legacy.i386.rpm
cc4f1bd1cf3e23c8f1b6813e4cd852030fa03a27  ethereal-0.10.9-1.FC1.1.legacy.src.rpm
30316d6dd8581aed8149bfd6cf0c8369937a5fa5 
ethereal-gnome-0.10.9-1.FC1.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-0.10.9-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-0.10.9-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-gnome-0.10.9-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-0.10.9-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-0.10.9-0.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-gnome-0.10.9-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-0.10.9-1.FC1.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-0.10.9-1.FC1.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-gnome-0.10.9-1.FC1.1.legacy.i386.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCCqIXLMAs/0C4zNoRAs8MAJ9rMK1yMuCw+BLb2+m07NK5ko3Z3QCffJE+
Yt6MDJmnQ94UmA2L8KE9Epc=
=CW/i
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-10 14:08:41 ----

Red Hat's advisory:
https://rhn.redhat.com/errata/RHSA-2005-011.html



------- Additional Comments From pekkas@netcore.fi 2005-02-15 08:09:04 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
 - verified that the source tarballs have the correct signature
 - spec file changes non-trivial, but still OK
 - minor patches (compilation, htmlview, etc.) are reasonable

+pUBLISH RHL9, RHL73, FC1

9902d66fc5fe8b408d5afa199eb9d7bc0a0a9534  ethereal-0.10.9-0.73.1.legacy.src.rpm
b8f09cd2d6e5387340873c57eb307dede62aa374  ethereal-0.10.9-0.90.1.legacy.src.rpm
ce509b18922d8eefc4d4853fe0bbd97a6ad02ffd  ethereal-0.10.9-1.AS21.1.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCEjqrGHbTkzxSL7QRAi+nAJ9NROy7OdwgN70Wjvc1iTS8XE4qmACgjs4I
ZVmeIpfrqwORdFWLKJYuNxw=
=Eq6t
-----END PGP SIGNATURE-----



------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-23 17:59:03 ----

Packages were pushed to updates-testing



------- Additional Comments From pekkas@netcore.fi 2005-02-26 03:20:43 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for RHL9 and RHL73 (non-gnome) RPM:
 - rpm-build-compare.sh for the binaries looks reasonable (but huge due to
the text differences) (RHL9 only)
 - installs OK
 - tethereal seems to run OK

+VERIFY RHL9, RHL73

fce29e1fdc627835a8ae16ec787fef0e8dfd428a  ethereal-0.10.9-0.90.2.legacy.i386.rpm
ee03b51a09f7d324ed7377ebdd88e6412183606d 
ethereal-gnome-0.10.9-0.90.2.legacy.i386.rpm
bf5ae992795eed466b9e005fd4d14e1f38bfd185  ethereal-0.10.9-0.73.2.legacy.i386.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCIHefGHbTkzxSL7QRAh7SAJ97IclGHXbL0xCqlb0aI4xJr9EyQQCglKxl
D4LEwfkCYGCU3rf35jrKYI8=
=trLi
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas@netcore.fi 2005-03-18 06:01:30 ----

A slew of new issues found, continuing tracking Ethereal in #2453.

If FC1 gets the missing VERIFY vote before the new packages in #2453 go forward,
I guess we could publish two packages.



------- Additional Comments From rob.myers@gtri.gatech.edu 2005-03-18 11:17:04 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

i did QA on the FC1 ethereal package:

7be37b8141a229d5285f6bf09f9667555693e85e  ethereal-0.10.9-1.FC1.2.legacy.i386.rpm
0c1ed87b9ae7f513b9a224e57d2579f333dcda07 
ethereal-gnome-0.10.9-1.FC1.2.legacy.i386.rpm

sha1sums ok
gpg signatures ok
runs fine

+VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCO0SdtU2XAt1OWnsRAhemAJ9V0d7Wmw3ZxbJ6wYCIy/zq4cf3hQCgi3Gq
lTX21bZ+dNx2FFe1EKWhPl8=
=jroC
-----END PGP SIGNATURE-----




------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:31 -------

This bug previously known as bug 2407 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2407
Originally filed under the Fedora Legacy product and Package request component.
Bug depends on bug(s) 2453.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, dkl@redhat.com.
   Previous reporter was bugzilla.fedora.us@beej.org.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Pekka Savola 2005-05-16 06:38:52 EDT
These issues are tracked in the other PR.

*** This bug has been marked as a duplicate of 152922 ***

Note You need to log in before you can comment on or make changes to this bug.