Debian Bug report logs -
#1001711
libtoxcore2: Stack-based buffer overflow vulnerability in UDP packet handling in Toxcore (CVE-2021-44847)
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, vindrg@gmail.com, Yangfl <mmyangfl@gmail.com>
:
Bug#1001711
; Package libtoxcore2
.
(Tue, 14 Dec 2021 18:15:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincas Dargis <vindrg@gmail.com>
:
New Bug report received and forwarded. Copy sent to vindrg@gmail.com, Yangfl <mmyangfl@gmail.com>
.
(Tue, 14 Dec 2021 18:15:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libtoxcore2
Version: 0.2.12-1+b1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Dear Maintainer,
libtoxcore has CVE-2021-44847:
https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44847
Workaround is to disable UDP support in settings.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE=lt
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libtoxcore2 depends on:
ii libc6 2.33-1
ii libopus0 1.3.1-0.1
ii libsodium23 1.0.18-1
ii libvpx7 1.11.0-2
libtoxcore2 recommends no packages.
libtoxcore2 suggests no packages.
-- no debconf information
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Dec 15 14:39:42 2021;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.