Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Security issue being reported by the Secunia PSI scanner.

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Wed, 6 Jan 2010 15:36:33 -0700

On Jan 6, 2010, at 3:20 PM, Richard Brooks wrote:

Hello Bill, in my last email I neglected to add the Secunia report information you asked for.

Your screenshots show that you're running Wireshark v1.2.5 with GTK+ 2.16.2. I don't see anything that says "security" in the release notes (news) for GTK+ from v2.16.2 -> the latest 2.16, which is 2.16.6:

	http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.6.news
	http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.5.news
	http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.4.news
	http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.3.news

This is still something worth looking into. I see that GTK+ 2.18.x is the current stable maintained branch, while 2.16.x is "old" but "but in some respects more stable" (http://www.gtk.org/download- windows.html).


Steve