Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 208162 - net-p2p/deluge < 0.5.8.3 Bencode Remote Buffer overflow (CVE-2008-0646)
Summary: net-p2p/deluge < 0.5.8.3 Bencode Remote Buffer overflow (CVE-2008-0646)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-30 10:58 UTC by Raúl Porcel (RETIRED)
Modified: 2008-02-23 17:47 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Raúl Porcel (RETIRED) gentoo-dev 2008-01-30 10:58:07 UTC 
http://deluge-torrent.org/Changelog.php

There's not much info on the homepage, but i've been told upstream that all previous versions are affected, so we could stabilize 0.5.8.3 :)

Ah, it affects the library it includes and ships, they've told me this is the fix: http://code.rasterbar.com/libtorrent/changeset/1968 But i want 0.5.8.3 stable :)
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-31 20:19:55 UTC 
Arches, please test and mark stable:
=net-p2p/deluge-0.5.8.3
Target keywords : "amd64 x86"

Raul, thanks for lettins us know.
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2008-02-01 09:11:00 UTC 
x86 stable
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-10 14:35:57 UTC 
As far as I can see this is only a remote DoS.
Comment 4 Olivier Crete (RETIRED) gentoo-dev 2008-02-10 20:33:34 UTC 
amd64 stable
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-10 21:17:52 UTC 
This one is ready for GLSA vote. I tend to vote NO.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-02-16 01:11:42 UTC 
Same as in bug 208854, NO - and closing.
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-02-23 17:47:19 UTC 
Fixed in release snapshot.