From: Denis Ovsienko <denis@ovsienko.info>
Date: Mon, 7 Feb 2022 12:36:46 +0000 (+0000)
Subject: Add CVE-2018-16301 to CHANGES. [skip ci]
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/ad7c25bc0decf96dc7768c9e903734d38528b1bd

Add CVE-2018-16301 to CHANGES. [skip ci]

One of the effects of commit faf8fb7 was fixing a buffer overflow that
was discovered and reported by Include Security (case reference "F2").
Their work was sponsored by Mozilla under the Secure Open Source
program.  The vulnerability was assigned CVE-2018-16301 on 2018-09-01
(MITRE request reference "scr562827"), but was not properly documented
afterwards.  Add a line to the change log section for 4.99.0, which at
the time of this writing is the first release to incorporate the fix.

See also https://github.com/the-tcpdump-group/libpcap/issues/855
---

diff --git a/CHANGES b/CHANGES
index 97fdb088..a5380cb5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -70,6 +70,7 @@ Wednesday, June 9, 2021 by gharris
 
 Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
   Summary for 4.99.0 tcpdump release
+    CVE-2018-16301: For the -F option handle large input files safely.
     Improve the contents, wording and formatting of the man page.
     Print unsupported link-layer protocol packets in hex.
     Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,