Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 10 Feb 2013 13:22:28 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Cc: 700234@...s.debian.org, Josselin Mouette <joss@...ian.org>
Subject: CVE request: Transmission can be made to crash remotely

On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote:
> Package: transmission-daemon
> Version: 2.52-3
> Severity: grave
> Tags: security patch upstream
> Justification: user security hole
> 
> The transmission-daemon package in wheezy crashes regularly. According 
> to upstream this is a remote security hole (at least a remote DoS, but 
> most probably there is a way to take control of the process).
> 
> https://trac.transmissionbt.com/ticket/5044
> https://trac.transmissionbt.com/ticket/5002
> 
> Apparently there is no CVE assigned. The bug is fixed upstream and I’m 
> attaching the patch. I’m currently testing a patched package, and will 
> report whether the fix is sufficient.
> 
Could a CVE be assigned for this?

Thanks in advance,
-- 
Yves-Alexis

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ