From ${URL} :
A segmentation fault happens when receiving malformed GZIP encoded response. An attacker-controlled torrent tracker can crash victim torrent clients by sending malformed GZIP responses.
Upstream issue: https://github.com/arvidn/libtorrent/issues/1021
Upstream patch: https://github.com/arvidn/libtorrent/commit/debf3c6e3688aab8394fe5c47737625faffe6f9e
CVE assignment: http://seclists.org/oss-sec/2016/q3/443
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
@ maintainer(s): A public release (v1.1.1) containing the fix was released. Also there's a backport for v1.0.x: https://github.com/arvidn/libtorrent/commit/2d7d0128adafb7574d0e5a66390188cdfb8caad6
Fixed version 1.0.11 was added to tree on 2017-03-07, please add arches as you see fit.
Please stabilize
sigh
x86 stable
Stable on amd64
arm stable
ppc/ppc64 stable
Cleanup done in git commit 8707e66100a153095d6b2b8582a730c4b10fac4c
Cleanup and stabilization done, thank you all. @ Security, please vote on glsa.
(In reply to Andreas Sturmlechner from comment #9)
> Cleanup done in git commit 8707e66100a153095d6b2b8582a730c4b10fac4c
Thanks, Andreas!
GLSA Vote: No.