[Secure-testing-commits] r40597 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Mar 27 10:48:23 UTC 2016
Author: jmm
Date: 2016-03-27 10:48:22 +0000 (Sun, 27 Mar 2016)
New Revision: 40597
Modified:
data/CVE/list
Log:
no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-27 08:16:47 UTC (rev 40596)
+++ data/CVE/list 2016-03-27 10:48:22 UTC (rev 40597)
@@ -18936,6 +18936,8 @@
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server ...)
{DLA-312-1}
- libtorrent-rasterbar 1.0.6-1 (bug #797046)
+ [jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
+ [wheezy] - libtorrent-rasterbar <no-dsa> (Minor issue)
NOTE: Even though the CVE mentions BitTorrent DHT Bootstrap server, the vulnerable lazy_bdecode() function is effectively also available in libtorrent-rasterbar in all Debian releases.
NOTE: Patch on libtorrent-rasterbar that has been applied in 1.0.6: https://github.com/arvidn/libtorrent/commit/d9945f6f50a8c967888cd9c2ebe65ffbe462056e
CVE-2015-5684
More information about the Secure-testing-commits
mailing list