[Secure-testing-commits] r36336 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Aug 27 10:37:42 UTC 2015
Author: carnil
Date: 2015-08-27 10:37:42 +0000 (Thu, 27 Aug 2015)
New Revision: 36336
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2015-5685, #797046
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-27 10:14:32 UTC (rev 36335)
+++ data/CVE/list 2015-08-27 10:37:42 UTC (rev 36336)
@@ -2280,7 +2280,7 @@
CVE-2015-5686
RESERVED
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server ...)
- - libtorrent-rasterbar <unfixed>
+ - libtorrent-rasterbar <unfixed> (bug #797046)
[experimental] - libtorrent-rasterbar 1.0.6-1
NOTE: Even though the CVE mentions BitTorrent DHT Bootstrap server, the vulnerable lazy_bdecode() function is effectively also available in libtorrent-rasterbar in all Debian releases.
NOTE: Patch on libtorrent-rasterbar that has been applied in 1.0.6: https://github.com/arvidn/libtorrent/commit/d9945f6f50a8c967888cd9c2ebe65ffbe462056e
More information about the Secure-testing-commits
mailing list