Bug#700234: CVE request: Transmission can be made to crash remotely
Hey guys, On 13/02/13 08:51, Salvatore Bonaccorso wrote: > A CVE was assigned to this now: CVE-2012-6129. Thanks for all the work! I'm unfortunately seriously swamped at least until next Wednesday and would really appreciate an NMU (and if it's not asking too much, that the NMU changes be committed to the collab-maint repo) Thanks again and sorry for the uselessness! :/ Cheers -- Leo "costela" Antunes [insert a witty retort here] -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#700234: CVE request: Transmission can be made to crash remotely
Processing control commands: > retitle 700234 transmission-daemon: CVE-2012-6129: Transmission can be made > to crash remotely Bug #700234 [transmission-daemon] transmission-daemon: Transmission can be made to crash remotely Changed Bug title to 'transmission-daemon: CVE-2012-6129: Transmission can be made to crash remotely' from 'transmission-daemon: Transmission can be made to crash remotely' -- 700234: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700234 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700234: CVE request: Transmission can be made to crash remotely
Control: retitle 700234 transmission-daemon: CVE-2012-6129: Transmission can be made to crash remotely Hi On Sun, Feb 10, 2013 at 01:22:28PM +0100, Yves-Alexis Perez wrote: > On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote: > > Package: transmission-daemon > > Version: 2.52-3 > > Severity: grave > > Tags: security patch upstream > > Justification: user security hole > > > > The transmission-daemon package in wheezy crashes regularly. According > > to upstream this is a remote security hole (at least a remote DoS, but > > most probably there is a way to take control of the process). > > > > https://trac.transmissionbt.com/ticket/5044 > > https://trac.transmissionbt.com/ticket/5002 > > > > Apparently there is no CVE assigned. The bug is fixed upstream and I???m > > attaching the patch. I???m currently testing a patched package, and will > > report whether the fix is sufficient. > > > Could a CVE be assigned for this? A CVE was assigned to this now: CVE-2012-6129. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700234: CVE request: Transmission can be made to crash remotely
On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote: > Package: transmission-daemon > Version: 2.52-3 > Severity: grave > Tags: security patch upstream > Justification: user security hole > > The transmission-daemon package in wheezy crashes regularly. According > to upstream this is a remote security hole (at least a remote DoS, but > most probably there is a way to take control of the process). > > https://trac.transmissionbt.com/ticket/5044 > https://trac.transmissionbt.com/ticket/5002 > > Apparently there is no CVE assigned. The bug is fixed upstream and I’m > attaching the patch. I’m currently testing a patched package, and will > report whether the fix is sufficient. > Could a CVE be assigned for this? Thanks in advance, -- Yves-Alexis signature.asc Description: This is a digitally signed message part