Debian Security Advisory
DLA-137-1 libevent -- LTS security update
- Date Reported:
- 26 Jan 2015
- Affected Packages:
- libevent
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 774645.
In Mitre's CVE dictionary: CVE-2014-6272. - More information:
-
The libevent library was vulnerable to a potential heap overflow in the buffer/bufferevent APIs.
For Debian 6
Squeeze
, these issues have been fixed in libevent version 1.4.13-stable-1+deb6u1This update was prepared by Nguyen Cong who used the upstream-provided patch. Thanks to them!