Quoting Secunia (http://secunia.com/advisories/34752/):
A vulnerability has been discovered in Enhanced CTorrent, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the function "btFiles::BuildFromMI()" in btfiles.cpp and can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted torrent file.
The vulnerability is confirmed in version 3.3.2. Other versions may also be affected.
"#Exploit tested on cTorrent 1.3.4 using Debian Sarge using Linux kernel 2.4.27-3-386
#Can't get the exploit working on a modern linux kernel because of ASLR"
We might need to investigate further on that.
Stack-based buffer overflow in the btFiles::BuildFromMI function
(trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and
probably earlier, and CTorrent 1.3.4, allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
via a Torrent file containing a long path.
+*ctorrent-3.3.2-r1 (30 Aug 2010)
+ 30 Aug 2010; Alex Legler <email@example.com> +ctorrent-3.3.2-r1.ebuild,
+ Non-maintainer commit: Revision bump to fix CVE-2009-1759, bug 266953.
Arches, please test and mark stable:
Target keywords : "amd64 arm ppc s390 sh x86"
Builds and runs fine on x86. Please mark stable for x86.
x86 stable, thanks Myckel
Marked ppc stable.
GLSA request filed.
This issue was resolved and addressed in
GLSA 201311-11 at http://security.gentoo.org/glsa/glsa-201311-11.xml
by GLSA coordinator Sergey Popov (pinkbyte).