Dear LTS Team, 2016-05-31 14:19 GMT+02:00 Bálint Réczey <bal...@balintreczey.hu>: > Hi Bjoern, > > 2016-05-31 13:27 GMT+02:00 Bjoern Nyjorden <b...@iinet.net.au>: >> Hi there; >> >> Unfortunately, as at 11:17 (+0000); This UPDATE IS NOT AVAILABLE at the >> AUSTRALIAN REGION MIRROR (IP: 150.203.164.61) of: >> >> http://security.debian.org/debian-security/pool/updates/main/w/wireshark/ >> >> If the update is already available at other IPs for the above address, can >> someone please ensure that it is pushed out to the Australian Region mirror >> at the earliest opportunity? > > I'm deeply sorry for sending out the DLA too early. The update will be > available > soon in the archive. > > For the record all of the vulnerabilities listed in the DLA are public > thus receiving > the email early does not pose extra risk for the systems having the previous > version of the package.
I have uploaded the package to security-master yesterday and prepared the DLA today. I have misread the description of debian-lts-announce and thought it was moderated, too, like debian-lts-changes, thus I expected the DLA to be held back if it comes early. While I will keep in mind _not_ sending the DLA out too erarly, would it make sense to make debian-lts-announce moderated to catch mistakes like mine? Thanks, Balint > > Thanks, > Balint > >> >> Thanking you in advance, >> Bjoern. >> >> >> On 31/05/16 18:22, Balint Reczey wrote: >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA256 >>> >>> Package : wireshark >>> Version : 1.12.1+g01b65bf-4+deb8u6~deb7u1 >>> CVE ID : CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 >>> CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 >>> CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-1572 >>> CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 >>> CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 >>> CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482 >>> CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-4079 >>> CVE-2013-4080 CVE-2013-4927 CVE-2013-4929 CVE-2013-4931 >>> CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 CVE-2013-7112 >>> CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006 >>> CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 >>> CVE-2016-4085 >>> >>> Multiple vulnerabilities were discovered in the dissectors/parsers for >>> PKTC, IAX2, GSM CBCH and NCP which could result in denial of service. >>> >>> This update also fixes many older less important issues by updating the >>> package to the version found in Debian 8 also known as Jessie. >>> >>> For Debian 7 "Wheezy", these problems have been fixed in version >>> 1.12.1+g01b65bf-4+deb8u6~deb7u1. >>> >>> We recommend that you upgrade your wireshark packages. >>> >>> Further information about Debian LTS security advisories, how to apply >>> these updates to your system and frequently asked questions can be >>> found at: https://wiki.debian.org/LTS >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v2 >>> >>> iQIcBAEBCAAGBQJXTWXnAAoJEPZk0la0aRp9b/EQAIskixovlNrvyC2YNJY/COvR >>> qcMChf8hCa3N8ghW7U2nVvf7I7215CHqFjt5L7JaORkmTYCoethud7f9FgA/Os2L >>> lpsRSCs0i2MOIKMcDdYd/2gF0k164uBsHnIKeZujr0mn4u98mYTgeWvuP/bBN8th >>> VLhKzkrJFLhEDOeKStjL9sQ1de2tH4SOPPNxbo1hqXVNd8oPUGkfT5goAy8LzuUx >>> m6xMOcBu1Ee+koJeJ94HpSydwPVcXVZse/w1gShllcPyCfASzNQP3pYWQRr9tDas >>> cs3eNCUPpGsF/zmNlxea1IXVaaPdTsTiYATMykOcKj46MNXh3/dl0LiqpvSFbm1C >>> TOvIIpEkXaQvka3qlXZ14yVMvQhSFxuqvE6147cCNk1eL46wySZ4587HxsSLyeaP >>> c/FvRzBZlB/n4aF0N3ORKY6J0LkVMfr5Ye0nfPJVnp5ExYsLoHu+0uwdagi72yIb >>> tHLN49ixPj9c2DePami1YOBBNyMB/AZqCpZMWyoHQ+3FriMq80u5snQLbgwXOMNH >>> 7/GcoTITNdSUNR/VZU1Uc0PA6jh5tNr33luldLwyzLUVHlLnTy3IsEas4XmSVu4r >>> mmveoxqvLCUBrpcoXdBlZYX6d52MD50KHXV8ZfkAnEQxqCC/316VM00pa5t+zVUf >>> iwHPgkBSHx/+O9PFz7/f >>> =Be8K >>> -----END PGP SIGNATURE----- >>> >>
