[SECURITY] [DLA 312-1] libtorrent-rasterbar security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 312-1] libtorrent-rasterbar security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 20 Sep 2015 18:36:33 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1509201834160.15543@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libtorrent-rasterbar
Version        : 0.14.10-2+deb6u1
CVE ID         : CVE-2015-5685
Debian Bug     : 797046

The lazy_bdecode function in BitTorrent DHT bootstrap server(bootstrap-dht ) allows remote attackers to execute arbitrary code via acrafted packet, related to "improper indexing."


Note while this CVE was reported against BitTorrent DHT Bootstrapt server,
the same vulnerable code is available in libtorrent-rasterbar.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJV/uCRXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHX40P/iGmdJk+BGp+Q1QbuueEPeP3
2KAAKCMi42qTwMLp5/pCgqlqKexm0tlNs82XkirDGR1rrnEx6HYm5elEv0l68FBF
aKnQfQyJhJ3RH1PBcDTDJk2xfqliIR/32W/zF5h9QhTAqWPxpqwqpVA79fcYjpse
3S6ZoMDbcedaM96MJ4GkD1HGSc/9sZnEHiiWIPfMGTPmvgaioitbSECHcknFhr5X
4uKCCiKTd9HQioZPkqFjXcT7/qwsiLZqgexo/k128eUpI4949Iy1Cd/QO2wtHCp2
xtMyKSeT6INHshkL994LM7achVyCMSw3DsVg2KWGDJdKZl13Ir1v5uiYYrOtJfIA
On/P7bm17zYMQx4d2t7C38LhFyfDPgDNpLlD/dUXsTsNI7ZX/6mq4zriEuCqcNXh
ZcUAp4Yevp5lmOntWZzA5uW6uuIoP0zqw5Igb3n68f+wmG1+EbAvO4Wr0PCP4bin
pcWobUUb4LPLbawGFDc70f1rBKsZnJnox1tnRkWcmANR+Q7EuQLyqH8RBLbdd728
Aa8U02DARJVkQu4JLGoNMdCd/ldU5CYFlBSYlqDTSAQ3ouWxFR8C1JeXnk8R95sS
pWgkIuaob7yxjjtnFPvcD5ePq/0SxK9Mlm4AeskDqRN94E7fwLlq8cKiBT5YQ4OZ
3u2oTpFZtaqC3wweQHVX
=E3XO
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 311-1] rpcbind security update
Next by Date: [SECURITY] [DLA 310-1] linux-2.6 security update
Previous by thread: [SECURITY] [DLA 311-1] rpcbind security update
Next by thread: [SECURITY] [DLA 310-1] linux-2.6 security update
Index(es):
- Date
- Thread