diff mbox series

[meta-networkin,scarthgap] wireshark: Fix CVE-2026-0960

Message ID 20260311035842.6610-1-hprajapati@mvista.com
State New
Headers show
Series [meta-networkin,scarthgap] wireshark: Fix CVE-2026-0960 | expand

Commit Message

Hitendra Prajapati March 11, 2026, 3:58 a.m. UTC 
Pick patch from [1] also mentioned in [2]

[1] https://gitlab.com/wireshark/wireshark/-/issues/20944
[2] https://security-tracker.debian.org/tracker/CVE-2026-0960

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 .../wireshark/files/CVE-2026-0960.patch       | 43 +++++++++++++++++++
 .../wireshark/wireshark_4.2.14.bb             |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2026-0960.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2026-0960.patch b/meta-networking/recipes-support/wireshark/files/CVE-2026-0960.patch
new file mode 100644
index 0000000000..6e577dac64
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2026-0960.patch
@@ -0,0 +1,43 @@ 
+From: John Thacker <johnthacker@gmail.com>
+Date: Mon, 12 Jan 2026 15:28:22 +0000
+Subject: QUIC: Update reassembly ID for a new MSP
+
+When a QUIC frame has more than one MSP, the reassembly id for the
+second MSP has to be used when adding or looking it up, instead of
+the original reassembly id of the first MSP.
+
+Fixes reassembly of the file in #20944 in most cases, outside of issues
+with out of order UDP packets / QUIC packets.
+
+(cherry picked from commit 562c3c070c6f58d01904d42338489b1a64ad7655)
+
+Co-authored-by: John Thacker <johnthacker@gmail.com>
+origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/23175
+
+CVE: CVE-2026-0960
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/f31123dcdbac37272046b58b2f7941bc7fb42934]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-quic.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-quic.c b/epan/dissectors/packet-quic.c
+index cabc2c5..7614b7f 100644
+--- a/epan/dissectors/packet-quic.c
++++ b/epan/dissectors/packet-quic.c
+@@ -1781,9 +1781,10 @@ again:
+                         deseg_seq, nxtseq+pinfo->desegment_len, stream->multisegment_pdus);
+                 }
+ 
+-                /* add this segment as the first one for this new pdu */
++		/* add this segment as the first one for this new pdu
++		 * Use the the new MSP's reassembly ID (its first frame). */
+                 fragment_add(&quic_reassembly_table, tvb, deseg_offset,
+-                             pinfo, reassembly_id, NULL,
++                             pinfo, msp->first_frame, stream_info,
+                              0, nxtseq - deseg_seq,
+                              nxtseq < msp->nxtpdu);
+             }
+-- 
+2.50.1
+
diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
index dbf7017514..559dd75fe0 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
@@ -18,6 +18,7 @@  SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
            file://CVE-2026-0959.patch \
            file://CVE-2026-0962.patch \
            file://CVE-2026-3201.patch \
+           file://CVE-2026-0960.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"