wheezy-backports: libotr5 vulnerable to CVE-2016-2851

To: debian-backports@lists.debian.org
Subject: wheezy-backports: libotr5 vulnerable to CVE-2016-2851
From: Kalle Valo <kvalo@adurom.com>
Date: Tue, 26 Apr 2016 19:18:23 +0300
Message-id: <[🔎] 87eg9swdgw.fsf@purkki.adurom.net>

Hi,

I did a quick check and to me it looks like that libotr5 4.1.0-2~bpo70+1
in wheezy-backports is vulnerable to CVE-2016-2851 (remote code
execution)[1]. The version 4.1.1-1 in unstable should be safe. Is anyone
able to upload latest libotr5 to fix this?

Thanks in advance.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2851

-- 
Kalle Valo

Reply to:

Follow-Ups:
- Re: wheezy-backports: libotr5 vulnerable to CVE-2016-2851
  - From: intrigeri <intrigeri@debian.org>

Prev by Date: Re: Backporting R
Next by Date: Linux kernel 4.4 marked as obsolete in backports
Previous by thread: Re: Backporting R
Next by thread: Re: wheezy-backports: libotr5 vulnerable to CVE-2016-2851
Index(es):
- Date
- Thread