[Secure-testing-commits] r40545 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Mar 23 23:22:03 UTC 2016
Author: jmm
Date: 2016-03-23 23:22:02 +0000 (Wed, 23 Mar 2016)
New Revision: 40545
Modified:
data/CVE/list
Log:
libtorrent-rasterbar fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-23 23:06:58 UTC (rev 40544)
+++ data/CVE/list 2016-03-23 23:22:02 UTC (rev 40545)
@@ -18789,8 +18789,7 @@
RESERVED
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server ...)
{DLA-312-1}
- - libtorrent-rasterbar <unfixed> (bug #797046)
- [experimental] - libtorrent-rasterbar 1.0.6-1
+ - libtorrent-rasterbar 1.0.6-1 (bug #797046)
NOTE: Even though the CVE mentions BitTorrent DHT Bootstrap server, the vulnerable lazy_bdecode() function is effectively also available in libtorrent-rasterbar in all Debian releases.
NOTE: Patch on libtorrent-rasterbar that has been applied in 1.0.6: https://github.com/arvidn/libtorrent/commit/d9945f6f50a8c967888cd9c2ebe65ffbe462056e
CVE-2015-5684
More information about the Secure-testing-commits
mailing list