oss-sec mailing list archives
CVE request: Transmission can be made to crash remotely
From: Yves-Alexis Perez <corsac () debian org>
Date: Sun, 10 Feb 2013 13:22:28 +0100
On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote:
Package: transmission-daemon Version: 2.52-3 Severity: grave Tags: security patch upstream Justification: user security hole The transmission-daemon package in wheezy crashes regularly. According to upstream this is a remote security hole (at least a remote DoS, but most probably there is a way to take control of the process). https://trac.transmissionbt.com/ticket/5044 https://trac.transmissionbt.com/ticket/5002 Apparently there is no CVE assigned. The bug is fixed upstream and I’m attaching the patch. I’m currently testing a patched package, and will report whether the fix is sufficient.
Could a CVE be assigned for this? Thanks in advance, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE request: Transmission can be made to crash remotely Yves-Alexis Perez (Feb 10)
- Re: CVE request: Transmission can be made to crash remotely Jan Lieskovsky (Feb 11)
- Re: CVE request: Transmission can be made to crash remotely Kurt Seifried (Feb 12)
- Re: CVE request: Transmission can be made to crash remotely Jan Lieskovsky (Feb 11)