[Pkg-privacy-maintainers] Bug#817799: libotr5: Exploitable integer overflow vulnerability (CVE-2016-2851)

Michail Bachmann m.bachmann at cms.hu-berlin.de
Thu Mar 10 13:49:20 UTC 2016


Package: libotr5
Version: 4.1.0-7
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

the libotr versions prior to 4.1.1 contain an integer overflow vulnerability.
This can cause buffer overflow that could lead to code execution. The
vulnerability has been assigned the CVE-2016-2851.

You can find more information here:

https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/

Sincerely,

Michail Bachmann



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (300, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 4.4.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libotr5 depends on:
ii  libc6        2.22-2
ii  libgcrypt20  1.6.5-2

libotr5 recommends no packages.

Versions of packages libotr5 suggests:
pn  libotr5-bin  <none>

-- no debconf information



More information about the Pkg-privacy-maintainers mailing list