Debian Security Advisory

DLA-137-1 libevent -- LTS security update

Date Reported:
26 Jan 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 774645.
In Mitre's CVE dictionary: CVE-2014-6272.
More information:

The libevent library was vulnerable to a potential heap overflow in the buffer/bufferevent APIs.

For Debian 6 Squeeze, these issues have been fixed in libevent version 1.4.13-stable-1+deb6u1

This update was prepared by Nguyen Cong who used the upstream-provided patch. Thanks to them!