Stephen Fisher wrote:
On Jan 6, 2010, at 3:20 PM, Richard Brooks wrote:
Hello Bill, in my last email I neglected to add the Secunia report
information you asked for.
Your screenshots show that you're running Wireshark v1.2.5 with GTK+
2.16.2. I don't see anything that says "security" in the release
notes (news) for GTK+ from v2.16.2 -> the latest 2.16, which is 2.16.6:
http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.6.news
http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.5.news
http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.4.news
http://ftp.acc.umu.se/pub/gnome/sources/gtk+/2.16/gtk+-2.16.3.news
This is still something worth looking into. I see that GTK+ 2.18.x is
the current stable maintained branch, while 2.16.x is "old" but "but
in some respects more stable" (http://www.gtk.org/download-
windows.html).
Steve
Going one level deeper: It turns out the the Secunia Security ID which
is being reported is SA37852: GTK+ "gdk_window_begin_implicit_paint()"
Foreign Windows Weakness.
http://secunia.com/advisories/37852/
Among other things the advisory says "fixed in GTK 2.18.5".
The security level is reported as "not criotical"