-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libtorrent-rasterbar Version : 0.15.10-1+deb7u1 CVE ID : CVE-2016-5301 Debian Bug : 826380
A specially crafted HTTP response from a tracker (or potentially a UPnP broadcast) can crash libtorrent in the parse_chunk_header() function. Although this function is not present in this version, upstream's additional sanity checks were added to abort the program if necessary instead of crashing it. For Debian 7 "Wheezy", these problems have been fixed in version 0.15.10-1+deb7u1. We recommend that you upgrade your libtorrent-rasterbar packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJXW8mvXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkyR8P/ibd7TdNPCdYaOIbBEmvV31A +25gzuinPHriVYuZDX1g2e5VeXPKKVBy5DOYj9RHOrv3nGsgUb4X/D+POYtFzE66 Nra9W5Ucpj2nS8JbtcGnDCSNOId/sXgVvvx156uZ3XA8prhtXLGHTDD6gmEpV3Td oUKECL7exP5SfpaMEHiktaLUnmts4VDGPojW71teVV/EqDQ8cF76oihJBF3JdtK4 Lmxdo69ibpsZ9RbasQDyAyoDq6G3cjxbjQlTF0qZKjJICejLT63Brbzi228k0U6E zLKw1uXCwEmC48YJEHf8bylD3Y9qrcAuGGJD4v9SKQwM+6sTzqnKevpWN+UfD04p KV0U0b+5n9gwQFlzUk6PRPosa+oIYejoKsqImnunEiYeWVxrFlfrOi4sfvI2ydon rvSm8TEQSqbE0xKqGcvYjHrj2H8bL4SVYGXUhHw2qzrU64nc3BD2ghCMWmfwEmra fMtK2mFmr7eOcKJ0AMhqdhZ/W7TOLOoHCfAVO+/XSJvKrWk2uyFB5ccU94v0L55g uKmUEHK3JzxWq2sQN66tOyjuu7+h8Uws4DVRsLUSJwLtPRLzsUL6xhaK/5v72IY3 mPZ+afck0gOHw2wlUSlzlJfHBLYOeShiQvcmJ2/4Rx2cNALcJ2VYKTobrFgHeFWP 3agSbc1eLlwKy0DwvF1R =SRMj -----END PGP SIGNATURE-----