libtorrent-rasterbar: CVE-2016-5301

Related Vulnerabilities: CVE-2016-5301  

Debian Bug report logs - #826380

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 5 Jun 2016 06:24:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version libtorrent-rasterbar/1.0.7-1

Fixed in version libtorrent-rasterbar/1.1.0-1

Done: Andrew Starr-Bochicchio <asb@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/arvidn/libtorrent/issues/780


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Cristian Greco <cristian@debian.org>:
Bug#826380; Package src:libtorrent-rasterbar. (Sun, 05 Jun 2016 06:24:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Cristian Greco <cristian@debian.org>. (Sun, 05 Jun 2016 06:24:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libtorrent-rasterbar: CVE-2016-5301
Date: Sun, 05 Jun 2016 08:22:33 +0200
Source: libtorrent-rasterbar
Version: 1.0.7-1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/arvidn/libtorrent/issues/780

Hi,

the following vulnerability was published for libtorrent-rasterbar.

CVE-2016-5301[0]:
denial of service

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5301
[1] https://github.com/arvidn/libtorrent/issues/780
[2] https://github.com/arvidn/libtorrent/pull/782

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 09 Jun 2016 17:54:35 GMT)


Reply sent to Andrew Starr-Bochicchio <asb@debian.org>:
You have taken responsibility. (Wed, 10 Aug 2016 12:03:22 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 10 Aug 2016 12:03:22 GMT)


Message #12 received at 826380-close@bugs.debian.org:

From: Andrew Starr-Bochicchio <asb@debian.org>
To: 826380-close@bugs.debian.org
Subject: Bug#826380: fixed in libtorrent-rasterbar 1.1.0-1
Date: Wed, 10 Aug 2016 12:00:11 +0000
Source: libtorrent-rasterbar
Source-Version: 1.1.0-1

We believe that the bug you reported is fixed in the latest version of
libtorrent-rasterbar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 826380@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew Starr-Bochicchio <asb@debian.org> (supplier of updated libtorrent-rasterbar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 08 Aug 2016 23:38:37 -0400
Source: libtorrent-rasterbar
Binary: libtorrent-rasterbar9 libtorrent-rasterbar-dev libtorrent-rasterbar-dbg libtorrent-rasterbar-doc python-libtorrent python-libtorrent-dbg python3-libtorrent python3-libtorrent-dbg
Architecture: source amd64 all
Version: 1.1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Cristian Greco <cristian@debian.org>
Changed-By: Andrew Starr-Bochicchio <asb@debian.org>
Description:
 libtorrent-rasterbar-dbg - Debug symbols for libtorrent-rasterbar
 libtorrent-rasterbar-dev - Development files for libtorrent-rasterbar
 libtorrent-rasterbar-doc - Documentation for libtorrent-rasterbar
 libtorrent-rasterbar9 - C++ bittorrent library by Rasterbar Software
 python-libtorrent - Python bindings for libtorrent-rasterbar
 python-libtorrent-dbg - Python bindings for libtorrent-rasterbar (debug symbols)
 python3-libtorrent - Python bindings for libtorrent-rasterbar (Python 3)
 python3-libtorrent-dbg - Python bindings for libtorrent-rasterbar (debug symbols) (Python
Closes: 826380
Changes:
 libtorrent-rasterbar (1.1.0-1) unstable; urgency=medium
 .
   * New upstream release.
    - Fixes CVE-2016-5301, crash while parsing invalid
      chunked HTTP or UPnP response (Closes: #826380).
   * New package libtorrent-rasterbar9, bump library soname.
   * Drop python-clean-without-bjam.patch, applied upstream.
   * Drop missing_rst_file.patch, applied upstream.
   * Build depend on libboost-chrono-dev and libboost-random-dev.
   * python-dbg-build-fix.patch: Fix building bindings with python-dbg.
     Thanks to Calum Lind.
   * Bump Standards-Version to 3.9.8, no changes.
   * Build with dh_autoreconf.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 26 Sep 2016 07:36:38 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:57:17 2019; Machine Name: beach