|
Message-ID: <1360498948.12723.7.camel@scapa>
Date: Sun, 10 Feb 2013 13:22:28 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Cc: 700234@...s.debian.org, Josselin Mouette <joss@...ian.org>
Subject: CVE request: Transmission can be made to crash remotely
On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote:
> Package: transmission-daemon
> Version: 2.52-3
> Severity: grave
> Tags: security patch upstream
> Justification: user security hole
>
> The transmission-daemon package in wheezy crashes regularly. According
> to upstream this is a remote security hole (at least a remote DoS, but
> most probably there is a way to take control of the process).
>
> https://trac.transmissionbt.com/ticket/5044
> https://trac.transmissionbt.com/ticket/5002
>
> Apparently there is no CVE assigned. The bug is fixed upstream and I’m
> attaching the patch. I’m currently testing a patched package, and will
> report whether the fix is sufficient.
>
Could a CVE be assigned for this?
Thanks in advance,
--
Yves-Alexis
Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.