| Summary: | <net-libs/libtorrent-rasterbar-1.0.11-r1: Segmentation fault caused by malformed GZIP encoded response | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | hwoarang, sir.suriv |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1374349 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: | =net-libs/libtorrent-rasterbar-1.0.11-r1 | Runtime testing required: | --- |

@ maintainer(s): A public release (v1.1.1) containing the fix was released.

Also there's a backport for v1.0.x: https://github.com/arvidn/libtorrent/commit/2d7d0128adafb7574d0e5a66390188cdfb8caad6

Fixed version 1.0.11 was added to tree on 2017-03-07, please add arches as you see fit.

Please stabilize

sigh

x86 stable

Stable on amd64

arm stable

ppc/ppc64 stable

Cleanup done in git commit 8707e66100a153095d6b2b8582a730c4b10fac4c

Cleanup and stabilization done, thank you all. @ Security, please vote on glsa.

(In reply to Andreas Sturmlechner from comment #9)
> Cleanup done in git commit 8707e66100a153095d6b2b8582a730c4b10fac4c

Thanks, Andreas!

GLSA Vote: No.

From ${URL} :

A segmentation fault happens when receiving malformed GZIP encoded response. An attacker-controlled torrent tracker can crash victim torrent clients by sending malformed GZIP responses.

Upstream issue: https://github.com/arvidn/libtorrent/issues/1021

Upstream patch: https://github.com/arvidn/libtorrent/commit/debf3c6e3688aab8394fe5c47737625faffe6f9e

CVE assignment: http://seclists.org/oss-sec/2016/q3/443

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.