Fix for bug 1264 from Julian Cable:

    I've refactored the offending code branch and added some comments so
  hopefully the intent is a bit clearer. The loop termination conditions
  are now obviously independent of the content on the wire (they were
  meant to be before, but I admit it was obscure). I've tried using the
  ephemeral memory routines.

Add a check for a maximum fragment count, and bail out of reassembly instead
of triggering an ep_alloc exception.  Add Julian to AUTHORS.  Update the 
release notes.


git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@21007 f5534014-38df-0310-8fa8-9805f1628bb7

1 files changed, 13 insertions, 0 deletions

diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml
index 6fcf3fbb5d..0c3f4a5230 100644
--- a/docbook/release-notes.xml
+++ b/docbook/release-notes.xml
@@ -48,6 +48,19 @@ Wireshark Info
           </para>
         </listitem>
 
+        <listitem>
+          <para>
+            Wireshark could exhaust system memory while reading a malformed
+            DCP ETSI packet.
+            <!-- Fixed in r21007 -->
+            (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1264">1264</ulink>)
+          </para>
+          <para>Versions affected: 0.99.5</para>
+          <para>
+            <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+          </para>
+        </listitem>
+
       </itemizedlist>
 
     </para>