Date: Mon, 29 Dec 2014 13:25:56 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 196351] net/libutp: backport fix for transmission crash (likely CVE-2012-6129) Message-ID: <bug-196351-13-1d8Cu91f6h@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-196351-13@https.bugs.freebsd.org/bugzilla/> References: <bug-196351-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196351 --- Comment #5 from Jan Beich <jbeich@vfemail.net> --- Requires PORTREVISION bump and VuXML entry: <vuln vid="0523fb7e-8444-4e86-812d-8de05f6f0dce"> <topic>libutp -- remote denial of service or arbitrary code execution</topic> <affects> <package> <name>bittorrent-libutp</name> <range><lt>0.20130514_1</lt></range> </package> <package> <name>transmission-cli</name> <name>transmission-deamon</name> <name>transmission-gtk</name> <name>transmission-qt4</name> <range><lt>2.74</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>NVD reports:</p> <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6129"> <p>Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."</p> </blockquote> </body> </description> <references> <cvename>CVE-2012-6129</cvename> <url>https://github.com/bittorrent/libutp/issues/38</url> <url>https://trac.transmissionbt.com/ticket/5002</url> </references> <dates> <discovery>2012-08-01</discovery> <entry>2014-12-29</entry> </dates> </vuln> -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-196351-13-1d8Cu91f6h>