Heads up! I'm going to upgrade Wireshark up to 1.10.x in Fedora 18
Peter Lemenkov
lemenkov at gmail.com
Thu Sep 12 08:42:20 UTC 2013
2013/9/12 Peter Hatina <phatina at redhat.com>:
> Hi Peter,
>
> On 09/12/2013 10:00 AM, Peter Lemenkov wrote:
>> Hello All!
>>
>> There are *lots* of CVEs against Wireshark shipped with Fedora 18
>> (quite old 1.8.8 version).
>>
>> * https://bugzilla.redhat.com/965942
>> * https://bugzilla.redhat.com/972762
>> * https://bugzilla.redhat.com/990189
>>
>> In order to fix them and not to add additional work for the
>> maintainers I'm thinking of upgrading up to 1.10.2 from 1.8.x.
>
> Well, idea looks fine, but before pushing such update, give us some time
> to reply to your message (3 minutes is not enough).
>
>>
>> Instead of backporting stuff let's build the latest stable! I'm sure
>> users will love this, since new Wireshark adds a lot of new features
>> and fixes all these CVEs.
>>
>
> I would rather stick to 1.8.10, which is the latest Maintenance release
> of wireshark. 1.8.10 will be certainly more OK with Fedora Update Policy
> [1] [2] [3]. I don't think, Wireshark is on exception list.
I'm afraid that's just adds additional work for maintainers w/o any
visible benefits. Let's move further instead of backporting - that's
just a leafnode app so nobody got hurt by a potential dependency
issue.
Regarding version - fortunately that's not a critpath application, so
we have a lot of freedom here.
--
With best regards, Peter Lemenkov.
More information about the devel
mailing list