One of the effects of commit
faf8fb7 was fixing a buffer overflow that
was discovered and reported by Include Security (case reference "F2").
Their work was sponsored by Mozilla under the Secure Open Source
program. The vulnerability was assigned CVE-2018-16301 on 2018-09-01
(MITRE request reference "scr562827"), but was not properly documented
afterwards. Add a line to the change log section for 4.99.0, which at
the time of this writing is the first release to incorporate the fix.
See also https://github.com/the-tcpdump-group/libpcap/issues/855
Summary for 4.99.0 tcpdump release
+ CVE-2018-16301: For the -F option handle large input files safely.
Improve the contents, wording and formatting of the man page.
Print unsupported link-layer protocol packets in hex.
Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,