Date:      Mon, 29 Dec 2014 13:25:56 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 196351] net/libutp: backport fix for transmission crash (likely CVE-2012-6129)
Message-ID:  <bug-196351-13-1d8Cu91f6h@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-196351-13@https.bugs.freebsd.org/bugzilla/>
References:  <bug-196351-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196351

--- Comment #5 from Jan Beich <jbeich@vfemail.net> ---
Requires PORTREVISION bump and VuXML entry:

  <vuln vid="0523fb7e-8444-4e86-812d-8de05f6f0dce">
    <topic>libutp -- remote denial of service or arbitrary code execution</topic>
    <affects>
      <package>
        <name>bittorrent-libutp</name>
        <range><lt>0.20130514_1</lt></range>
      </package>
      <package>
        <name>transmission-cli</name>
        <name>transmission-daemon</name>
        <name>transmission-gtk</name>
        <name>transmission-qt4</name>
        <range><lt>2.74</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>NVD reports:</p>
        <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6129">
          <p>Stack-based buffer overflow in utp.cpp in libutp, as used
            in Transmission before 2.74 and possibly other products,
            allows remote attackers to cause a denial of service (crash)
            and possibly execute arbitrary code via crafted "micro
            transport protocol packets."</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2012-6129</cvename>
      <url>https://github.com/bittorrent/libutp/issues/38</url>
      <url>https://trac.transmissionbt.com/ticket/5002</url>
    </references>
    <dates>
      <discovery>2012-08-01</discovery>
      <entry>2014-12-29</entry>
    </dates>
  </vuln>

-- 
You are receiving this mail because:
You are the assignee for the bug.


