Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859)
and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote
attackers to cause a denial of service (memory consumption and crash)
via a crafted Range header. NOTE: this is probably a different
vulnerability than CVE-2008-0071 and CVE-2008-0364.
Filed as UNCO as, up to date, only the Windows version has been proven vulnerable. No patch available atm.
We don't even have this version in the tree.
The original advisory says:
Versions: BitTorrent <= 6.0.1 (build 7859)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7166 says that 4.4.0 is affected. @maintainers: I think it's necessary to bump to >6.0.1, no patch/workaround seems to be available. Still unclear whether this is Windows-only.
removed from the tree
net-p2p/bittorrent removed from tree months ago per previous comment
closing as package is no longer in tree