[Secure-testing-commits] r44407 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Sep 8 07:15:50 UTC 2016
Author: carnil
Date: 2016-09-08 07:15:50 +0000 (Thu, 08 Sep 2016)
New Revision: 44407
Modified:
data/CVE/list
Log:
Add CVE-2016-7164/libtorrent-rasterbar
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-08 06:46:37 UTC (rev 44406)
+++ data/CVE/list 2016-09-08 07:15:50 UTC (rev 44407)
@@ -5,6 +5,12 @@
NOTE: https://github.com/ADOdb/ADOdb/issues/226
NOTE: https://github.com/ADOdb/ADOdb/commit/bd9eca9
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/07/8
+CVE-2016-7164 [inflate_gzip denial of service]
+ - libtorrent-rasterbar <unfixed>
+ NOTE: https://github.com/arvidn/libtorrent/issues/1021
+ NOTE: https://github.com/arvidn/libtorrent/pull/1022
+ NOTE: https://github.com/arvidn/libtorrent/commit/debf3c6e3688aab8394fe5c47737625faffe6f9e
+ NOTE: Fixed upstream in 1.1.1.
CVE-2016-7153 (The HTTP/2 protocol does not consider the role of the TCP congestion ...)
TODO: check
CVE-2016-7152 (The HTTPS protocol does not consider the role of the TCP congestion ...)
More information about the Secure-testing-commits
mailing list