Bug#700234: CVE request: Transmission can be made to crash remotely
Hey guys, On 13/02/13 08:51, Salvatore Bonaccorso wrote: A CVE was assigned to this now: CVE-2012-6129. Thanks for all the work! I'm unfortunately seriously swamped at least until next Wednesday and would really appreciate an NMU (and if it's not asking too much, that the NMU changes be committed to the collab-maint repo) Thanks again and sorry for the uselessness! :/ Cheers -- Leo costela Antunes [insert a witty retort here] -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#700234: CVE request: Transmission can be made to crash remotely
Control: retitle 700234 transmission-daemon: CVE-2012-6129: Transmission can be made to crash remotely Hi On Sun, Feb 10, 2013 at 01:22:28PM +0100, Yves-Alexis Perez wrote: On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote: Package: transmission-daemon Version: 2.52-3 Severity: grave Tags: security patch upstream Justification: user security hole The transmission-daemon package in wheezy crashes regularly. According to upstream this is a remote security hole (at least a remote DoS, but most probably there is a way to take control of the process). https://trac.transmissionbt.com/ticket/5044 https://trac.transmissionbt.com/ticket/5002 Apparently there is no CVE assigned. The bug is fixed upstream and I???m attaching the patch. I???m currently testing a patched package, and will report whether the fix is sufficient. Could a CVE be assigned for this? A CVE was assigned to this now: CVE-2012-6129. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#700234: CVE request: Transmission can be made to crash remotely
On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote: Package: transmission-daemon Version: 2.52-3 Severity: grave Tags: security patch upstream Justification: user security hole The transmission-daemon package in wheezy crashes regularly. According to upstream this is a remote security hole (at least a remote DoS, but most probably there is a way to take control of the process). https://trac.transmissionbt.com/ticket/5044 https://trac.transmissionbt.com/ticket/5002 Apparently there is no CVE assigned. The bug is fixed upstream and I’m attaching the patch. I’m currently testing a patched package, and will report whether the fix is sufficient. Could a CVE be assigned for this? Thanks in advance, -- Yves-Alexis signature.asc Description: This is a digitally signed message part