-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libtorrent-rasterbar Version : 0.14.10-2+deb6u1 CVE ID : CVE-2015-5685 Debian Bug : 797046
The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."
Note while this CVE was reported against BitTorrent DHT Bootstrapt server, the same vulnerable code is available in libtorrent-rasterbar. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJV/uCRXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHX40P/iGmdJk+BGp+Q1QbuueEPeP3 2KAAKCMi42qTwMLp5/pCgqlqKexm0tlNs82XkirDGR1rrnEx6HYm5elEv0l68FBF aKnQfQyJhJ3RH1PBcDTDJk2xfqliIR/32W/zF5h9QhTAqWPxpqwqpVA79fcYjpse 3S6ZoMDbcedaM96MJ4GkD1HGSc/9sZnEHiiWIPfMGTPmvgaioitbSECHcknFhr5X 4uKCCiKTd9HQioZPkqFjXcT7/qwsiLZqgexo/k128eUpI4949Iy1Cd/QO2wtHCp2 xtMyKSeT6INHshkL994LM7achVyCMSw3DsVg2KWGDJdKZl13Ir1v5uiYYrOtJfIA On/P7bm17zYMQx4d2t7C38LhFyfDPgDNpLlD/dUXsTsNI7ZX/6mq4zriEuCqcNXh ZcUAp4Yevp5lmOntWZzA5uW6uuIoP0zqw5Igb3n68f+wmG1+EbAvO4Wr0PCP4bin pcWobUUb4LPLbawGFDc70f1rBKsZnJnox1tnRkWcmANR+Q7EuQLyqH8RBLbdd728 Aa8U02DARJVkQu4JLGoNMdCd/ldU5CYFlBSYlqDTSAQ3ouWxFR8C1JeXnk8R95sS pWgkIuaob7yxjjtnFPvcD5ePq/0SxK9Mlm4AeskDqRN94E7fwLlq8cKiBT5YQ4OZ 3u2oTpFZtaqC3wweQHVX =E3XO -----END PGP SIGNATURE-----
