[Secure-testing-team] Bug#700234: transmission-daemon: Transmission can be made to crash remotely
Josselin Mouette
joss at debian.org
Sun Feb 10 10:50:11 UTC 2013
Package: transmission-daemon
Version: 2.52-3
Severity: grave
Tags: security patch upstream
Justification: user security hole
The transmission-daemon package in wheezy crashes regularly. According
to upstream this is a remote security hole (at least a remote DoS, but
most probably there is a way to take control of the process).
https://trac.transmissionbt.com/ticket/5044
https://trac.transmissionbt.com/ticket/5002
Apparently there is no CVE assigned. The bug is fixed upstream and I’m
attaching the patch. I’m currently testing a patched package, and will
report whether the fix is sufficient.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `'
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_libutp_crash.patch
Type: text/x-diff
Size: 1613 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20130210/4d434a37/attachment.patch>
More information about the Secure-testing-team
mailing list