aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGerald Combs <gerald@wireshark.org>2005-05-02 16:34:24 +0000
committerGerald Combs <gerald@wireshark.org>2005-05-02 16:34:24 +0000
commitf2ffbf0a468976213e4d0edd91158e4ebfa65eb8 (patch)
tree5c5b7936cf07e88b75d2a472b53f08b838deead8
parentb233c06fb290d69722c8d3393bb7eed6a8beb67b (diff)
Prep for the next release. ETA Wednesday (the 4th).
svn path=/trunk/; revision=14270
-rw-r--r--NEWS179
-rw-r--r--config.nmake4
-rw-r--r--configure.in2
3 files changed, 182 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index ddd564c767..c1cda3f5c5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,184 @@
$Id$
+== May 4, 2005
+
+Ethereal 0.10.11 has been released.
+
+An aggressive testing program as well as independent discovery has turned
+up a multitude of security issues:
+
+ The ANSI A dissector was susceptible to format string vulnerabilities.
+ Discovered by Bryan Fulton.
+ Versions affected: 0.9.15 to 0.10.10
+
+ The GSM MAP dissector could crash.
+ Versions affected: 0.10.0 to 0.10.10
+
+ The AIM dissector could cause a crash.
+ Versions affected: 0.9.14 to 0.10.10
+
+ The DISTCC dissector was susceptible to a buffer overflow.
+ Discovered by Ilja van Sprundel
+ Versions affected: 0.9.13 to 0.10.10
+
+ The FCELS dissector was susceptible to a buffer overflow.
+ Discovered by Neil Kettle
+ Versions affected: 0.9.9 to 0.10.10
+
+ The SIP dissector was susceptible to a buffer overflow.
+ Discovered by Ejovi Nuwere.
+ Versions affected: 0.10.0 to 0.10.10
+
+ The KINK dissector was susceptible to a null pointer exception,
+ endless looping, and other problems.
+ Versions affected: 0.10.10
+
+ The LMP dissector was susceptible to an endless loop.
+ Versions affected: 0.9.4 to 0.10.10
+
+ The Telnet dissector could abort.
+ Versions affected: 0.9.10 to 0.10.10
+
+ The TZSP dissector could cause a segmentation fault.
+ Versions affected: 0.10.10 to 0.10.10
+
+ The WSP dissector was susceptible to a null pointer exception and
+ assertions.
+ Versions affected: 0.10.0 to 0.10.10
+
+ The 802.3 Slow protocols dissector could throw an assertion.
+ Versions affected: 0.10.10
+
+ The BER dissector could throw assertions.
+ Versions affected: 0.10.2 to 0.10.10
+
+ The SMB Mailslot dissector was susceptible to a null pointer exception
+ and could throw assertions.
+ Versions affected: 0.9.0 to 0.10.10
+
+ The H.245 dissector was susceptible to a null pointer exception.
+ Versions affected: 0.10.10
+
+ The Bittorrent dissector could cause a segmentation fault.
+ Versions affected: 0.10.8 to 0.10.10
+
+ The SMB dissector could cause a segmentation fault and throw assertions.
+ Versions affected: 0.9.0 to 0.10.10
+
+ The Fibre Channel dissector could cause a crash.
+ Versions affected: 0.9.9 to 0.10.10
+
+ The DICOM dissector could attempt to allocate large amounts of memory.
+ Versions affected: 0.10.4 to 0.10.10
+
+ The MGCP dissector was susceptible to a null pointer exception, could
+ loop indefinitely, and segfault.
+ Versions affected: 0.8.14 to 0.10.10
+
+ The RSVP dissector could loop indefinitely.
+ Versions affected: 0.9.8 to 0.10.10
+
+ The DHCP dissector was susceptible to format string vulnerabilities, and
+ could abort.
+ Versions affected: 0.10.7 to 0.10.10
+
+ The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
+ Versions affected: 0.9.8 to 0.10.10
+
+ The EIGRP dissector could loop indefinitely.
+ Versions affected: 0.8.18 to 0.10.10
+
+ The ISIS dissector could overflow a buffer.
+ Versions affected: 0.8.18 to 0.10.10
+
+ The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
+ and X.509 dissectors could overflow buffers.
+ Versions affected: 0.10.4 to 0.10.10
+
+ The NDPS dissector could exhaust system memory or cause an assertion,
+ or crash.
+ Versions affected: 0.9.12 to 0.10.10
+
+ The Q.931 dissector could try to free a null pointer and overflow
+ a buffer.
+ Versions affected: 0.10.10
+
+ The IAX2 dissector could throw an assertion.
+ Versions affected: 0.10.1 to 0.10.10
+
+ The ICEP dissector could try to free the same memory twice.
+ Versions affected: 0.10.7 to 0.10.10
+
+ The MEGACO dissector was susceptible to an infinite loop and a buffer
+ overflow.
+ Versions affected: 0.9.14 to 0.10.10
+
+ The DLSw dissector was susceptible to an infinite loop.
+ Versions affected: 0.9.1 to 0.10.10
+
+ The RPC dissector was susceptible to a null pointer exception.
+ Versions affected: 0.9.2 to 0.10.10
+
+ The NCP dissector could overflow a buffer or loop for a large amount
+ of time.
+ Versions affected: 0.10.5 to 0.10.10
+
+ The RADIUS dissector could throw an assertion.
+ Versions affected: 0.10.3 to 0.10.10
+
+ The GSM dissector could access an invalid pointer.
+ Versions affected: 0.10.10
+
+ The SMB PIPE dissector could throw an assertion.
+ Versions affected: 0.9.0 to 0.10.10
+
+ The L2TP dissector was susceptible to an infinite loop.
+ Versions affected: 0.10.9 to 0.10.10
+
+ The SMB NETLOGON dissector could dereference a null pointer.
+ Versions affected: 0.9.12 to 0.10.10
+
+ The MRDISC dissector could throw an assertion.
+ Versions affected: 0.8.19 to 0.10.10
+
+ The ISUP dissector could overflow a buffer or cause a segmentation fault.
+ Versions affected: 0.8.19 to 0.10.10
+
+ The LDAP dissector could crash.
+ Versions affected: 0.10.1 to 0.10.10
+
+ The TCAP dissector could overflow a buffer or throw an assertion.
+ Versions affected: 0.10.8 to 0.10.10
+
+ Additionally, a number of dissectors could throw an assertion when
+ passing an invalid protocol tree item length.
+ Versions affected: 0.10.8 to 0.10.10
+
+
+Please see the following advisory for more information:
+
+ http://www.ethereal.com/appnotes/enpa-sa-00019.html
+
+Everyone is encouraged to upgrade.
+
+
+New and updated features
+
+
+
+New protocol support
+
+
+
+Updated protocol support
+
+
+
+New and updated capture file support
+
+
+
+
== March 11, 2005
Ethereal 0.10.10 has been released.
diff --git a/config.nmake b/config.nmake
index 865e747528..cac60c6f27 100644
--- a/config.nmake
+++ b/config.nmake
@@ -4,7 +4,7 @@
# in the file README.win32.
# The current Ethereal version
-VERSION=0.10.10
+VERSION=0.10.11
#
# The RC_VERSION should be comma-separated, not dot-separated,
@@ -17,7 +17,7 @@ VERSION=0.10.10
# number to be correctly displayed in the explorer properties dialog
# for the executables, and XP's tooltip, rather than 0.0.0.0."
#
-RC_VERSION=0,10,10
+RC_VERSION=0,10,11
# The version of the wiretap library
WTAP_VERSION=0.1
diff --git a/configure.in b/configure.in
index 877b33278b..c6ff7d104b 100644
--- a/configure.in
+++ b/configure.in
@@ -8,7 +8,7 @@ dnl Check for CPU / vendor / OS
AC_CANONICAL_HOST
AC_CANONICAL_TARGET
-AM_INIT_AUTOMAKE(ethereal, 0.10.10)
+AM_INIT_AUTOMAKE(ethereal, 0.10.11)
AM_DISABLE_STATIC