Date: Sun, 10 Feb 2013 13:22:28 +0100 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Cc: 700234@...s.debian.org, Josselin Mouette <joss@...ian.org> Subject: CVE request: Transmission can be made to crash remotely On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote: > Package: transmission-daemon > Version: 2.52-3 > Severity: grave > Tags: security patch upstream > Justification: user security hole > > The transmission-daemon package in wheezy crashes regularly. According > to upstream this is a remote security hole (at least a remote DoS, but > most probably there is a way to take control of the process). > > https://trac.transmissionbt.com/ticket/5044 > https://trac.transmissionbt.com/ticket/5002 > > Apparently there is no CVE assigned. The bug is fixed upstream and I’m > attaching the patch. I’m currently testing a patched package, and will > report whether the fix is sufficient. > Could a CVE be assigned for this? Thanks in advance, -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ