>Number:         19406
>Category:       pkg
>Synopsis:       Current version of net/ethereal package has a known security issue
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Dec 16 00:32:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Adrian Portelli
>Release:        NetBSD 1.6 i386
>Organization:
STIndustries
>Environment:
NetBSD krusty.mdc.stindustries.net 1.6 NetBSD 1.6 (KRUSTY) #12: Sat Dec  7 15:13:25 EST 2002     root@krusty.mdc.stindustries.net:/usr/src/sys/arch/i386/compile/KRUSTY i386
>Description:
The current version of net/ethereal from the packages collection is out of date and has a known security issue.
>How-To-Repeat:
cd /usr/pkgsrc/net/ethereal and the version in the Makefile is ethereal-0.9.7. The current version available from www.ethereal.com is 0.9.8.  Details of the security issue are at:

http://www.ethereal.com/appnotes/enpa-sa-00007.html
>Fix:
Patches for update to 0.9.8

--- Makefile.orig       Mon Dec 16 19:24:45 2002
+++ Makefile    Mon Dec 16 19:24:54 2002
@@ -1,6 +1,6 @@
 # $NetBSD: Makefile,v 1.67 2002/12/09 17:09:00 drochner Exp $
 
-DISTNAME=              ethereal-0.9.7
+DISTNAME=              ethereal-0.9.8
 CATEGORIES=            net
 MASTER_SITES=          ftp://ftp.ethereal.com/pub/ethereal/ \
                        ftp://ftp.sunet.se/pub/network/monitoring/ethereal/


--- distinfo.orig       Mon Dec 16 19:25:00 2002
+++ distinfo    Mon Dec 16 19:28:11 2002
@@ -1,4 +1,4 @@
 $NetBSD: distinfo,v 1.14 2002/09/30 11:50:25 martti Exp $
 
-SHA1 (ethereal-0.9.7.tar.gz) = 308b5dd2a90ec6d0e090ae54b1bf3cc9c69a9bf7
-Size (ethereal-0.9.7.tar.gz) = 4153241 bytes
+SHA1 (ethereal-0.9.8.tar.gz) = 57b2808e30538c7be0a175870283c6f9bdbdb434
+Size (ethereal-0.9.8.tar.gz) = 4210744 bytes
>Release-Note:
>Audit-Trail:
>Unformatted: