Ethereal-dev: [Ethereal-dev] Re: Ethereal RSVP Protocol Decoding Denial of Service Vulnerabili
On 4/28/05, Senthil Prabu.S <praboos@xxxxxxxxx> wrote:
> Hi Ethereal Team,
>
> When can we expect a next stable version that has a fix to the below
> mentioned Vulnerability.
Who knows? Best answer would be "When someone has fixed it?"
The article is not too specific, netither does it have an example
capture we an test with or analyze.
You might be in luck,
There has been a few checkins for fixes for that protocol in the last
few weeks that addresses bugd that can cause a hang/infinite loop.
Maybe one of these fixes also resolves the one reported?
Please test if the current SVN build can hadlte that case properly
without crashing.
As for when stable releases are released, thats a trickier question.
Remember that ethereal is beta software and has never been released in
production/stable versions yet. We are working at it, but are not
there yet.
I understand/belive the release process works something like
approximately once every 6 weeks, or whenever Gerald feels like it (he
is the guy doing the releases), he tells people :
Oy, it feels like its time for a new release next week or so, so can
you guys avoid any dangerous, crashprone checkins until after the
release?
After a week he then just renames the current SVN version to become
the new release and releases it as is. It works very well for us
(except i think for 0.8.18a or so which i was responsible for)
I think a new beta release, something like 0.10.11 or so will be
released next week or so.
Othervise, just try the automated SVN builds from the development
page, they are actually just as stable as the "official" releases
since they are actually exactly the same.
(we are different, our svn IS the stable branch)