[Bug 196351] net/libutp: backport fix for transmission crash (likely CVE-2012-6129)

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Dec 29 13:25:56 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196351

--- Comment #5 from Jan Beich <jbeich at vfemail.net> ---
Requires PORTREVISION bump and VuXML entry:

  <vuln vid="0523fb7e-8444-4e86-812d-8de05f6f0dce">
    <topic>libutp -- remote denial of service or arbitrary code execution</topic>
    <affects>
      <package>
        <name>bittorrent-libutp</name>
        <range><lt>0.20130514_1</lt></range>
      </package>
      <package>
        <name>transmission-cli</name>
        <name>transmission-daemon</name>
        <name>transmission-gtk</name>
        <name>transmission-qt4</name>
        <range><lt>2.74</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>NVD reports:</p>
        <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6129">
          <p>Stack-based buffer overflow in utp.cpp in libutp, as used
            in Transmission before 2.74 and possibly other products,
            allows remote attackers to cause a denial of service (crash)
            and possibly execute arbitrary code via crafted "micro
            transport protocol packets."</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2012-6129</cvename>
      <url>https://github.com/bittorrent/libutp/issues/38</url>
      <url>https://trac.transmissionbt.com/ticket/5002</url>
    </references>
    <dates>
      <discovery>2012-08-01</discovery>
      <entry>2014-12-29</entry>
    </dates>
  </vuln>
