Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: Transmission can be made to crash remotely
From: Yves-Alexis Perez <corsac () debian org>
Date: Sun, 10 Feb 2013 13:22:28 +0100

On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote:
Package: transmission-daemon
Version: 2.52-3
Severity: grave
Tags: security patch upstream
Justification: user security hole

The transmission-daemon package in wheezy crashes regularly. According 
to upstream this is a remote security hole (at least a remote DoS, but 
most probably there is a way to take control of the process).

https://trac.transmissionbt.com/ticket/5044
https://trac.transmissionbt.com/ticket/5002

Apparently there is no CVE assigned. The bug is fixed upstream and I’m 
attaching the patch. I’m currently testing a patched package, and will 
report whether the fix is sufficient.

Could a CVE be assigned for this?

Thanks in advance,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault