[Secure-testing-commits] r36334 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Thu Aug 27 10:14:28 UTC 2015
Author: hertzog
Date: 2015-08-27 10:14:28 +0000 (Thu, 27 Aug 2015)
New Revision: 36334
Modified:
data/CVE/list
Log:
Confirm issue with libtorrent-rasterbar
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-27 09:52:08 UTC (rev 36333)
+++ data/CVE/list 2015-08-27 10:14:28 UTC (rev 36334)
@@ -2281,8 +2281,9 @@
RESERVED
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server ...)
- libtorrent-rasterbar <unfixed>
- NOTE: in experimental fixed in 1.0.6-1
- TODO: check correctness, as CVE is for bootstrap-dht and this is libtorrent-rasterbar
+ [experimental] - libtorrent-rasterbar 1.0.6-1
+ NOTE: Even though the CVE mentions BitTorrent DHT Bootstrap server, the vulnerable lazy_bdecode() function is effectively also available in libtorrent-rasterbar in all Debian releases.
+ NOTE: Patch on libtorrent-rasterbar that has been applied in 1.0.6: https://github.com/arvidn/libtorrent/commit/d9945f6f50a8c967888cd9c2ebe65ffbe462056e
CVE-2015-5684
RESERVED
CVE-2015-5683
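Review bot: the first added NOTE says lazy_bdecode() is "effectively also available" in libtorrent-rasterbar, which records that the function is present but not that the flaw has been confirmed there, even though the log message says the issue is confirmed and the `- libtorrent-rasterbar <unfixed>` line is kept. Suggest wording it as present and vulnerable. Since the NOTE covers all Debian releases, consider also adding a bug reference to the entry so the unfixed status can be followed up. The second NOTE linking the upstream commit applied in 1.0.6 is a useful pointer for anyone backporting the fix.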