Your message dated Sun, 3 Sep 2017 20:52:15 +0200
with message-id <[email protected]>
and subject line Re: Bug#865845: libtorrent-rasterbar: CVE-2017-9847
has caused the Debian Bug report #865845,
regarding libtorrent-rasterbar: CVE-2017-9847
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
865845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865845
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtorrent-rasterbar
Version: 1.1.1-1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/arvidn/libtorrent/issues/2099

Hi,

the following vulnerability was published for libtorrent-rasterbar.

CVE-2017-9847[0]:
| The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote
| attackers to cause a denial of service (heap-based buffer over-read and
| application crash) via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9847
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9847
[1] https://github.com/arvidn/libtorrent/issues/2099
[2] https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libtorrent-rasterbar
Source-Version: 1.1.4-1 

Hi

On Sun, Jun 25, 2017 at 09:17:32AM +0200, Salvatore Bonaccorso wrote:
> Source: libtorrent-rasterbar
> Version: 1.1.1-1
> Severity: important
> Tags: security upstream patch
> Forwarded: https://github.com/arvidn/libtorrent/issues/2099
> 
> Hi,
> 
> the following vulnerability was published for libtorrent-rasterbar.
> 
> CVE-2017-9847[0]:
> | The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote
> | attackers to cause a denial of service (heap-based buffer over-read and
> | application crash) via a crafted file.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2017-9847
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9847
> [1] https://github.com/arvidn/libtorrent/issues/2099
> [2] https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db
> 
> Please adjust the affected versions in the BTS as needed.

It looks like closing this was missed in the 1.1.4-1 upload. Closing
manually.

Regards,
Salvatore

--- End Message ---
