[tcpdump-workers] Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?

Romain Francoise rfrancoise at debian.org
Mon Nov 24 04:04:40 EST 2014


On Sun, Nov 23, 2014 at 11:35:21PM -0800, Guy Harris wrote:
> So did I. :-)

> (See branches tcpdump_4.1 through tcpdump_4.6.)

Ah, great, I need patches for Debian stable, which ships tcpdump 4.3.0.
I was about to use Michal's patches for 4.4.0 from the fc19 srpm, but if
you have "official" backports, even better.

The branch also has fixes for print-udp.c and print-ppp.c. Are these
security-sensitive? Should I pick them up as well? If so, do they have
CVE identifiers?

Thanks,
-- 
Romain Francoise <rfrancoise at debian.org>
http://people.debian.org/~rfrancoise/


More information about the tcpdump-workers mailing list