Your message dated Tue, 16 Jun 2009 23:32:06 +0000
with message-id <e1mgi8m-0005l0...@ries.debian.org>
and subject line Bug#530255: fixed in ctorrent 1.3.4-dnh3.2-1.1
has caused the Debian Bug report #530255,
regarding CVE-2009-1759: Stack-based buffer overflow in the 
btFiles::BuildFromMI function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
530255: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530255
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ctorrent
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ctorrent.

CVE-2009-1759[0]:
| Stack-based buffer overflow in the btFiles::BuildFromMI function
| (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and
| probably earlier, and CTorrent 1.3.4, allows remote attackers to cause
| a denial of service (crash) and possibly execute arbitrary code via a
| Torrent file containing a long path.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759
    http://security-tracker.debian.net/tracker/CVE-2009-1759
Patch: http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoX4iQACgkQNxpp46476apQSACfZnMhb5D7ovIaEjkDgY+PmMN9
yqsAoJ+5IkruLzc09YpQg0lWXQ30RGiz
=hnC5
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: ctorrent
Source-Version: 1.3.4-dnh3.2-1.1

We believe that the bug you reported is fixed in the latest version of
ctorrent, which is due to be installed in the Debian FTP archive:

ctorrent_1.3.4-dnh3.2-1.1.diff.gz
  to pool/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1.1.diff.gz
ctorrent_1.3.4-dnh3.2-1.1.dsc
  to pool/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1.1.dsc
ctorrent_1.3.4-dnh3.2-1.1_amd64.deb
  to pool/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 530...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated ctorrent package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 17 Jun 2009 00:59:49 +0200
Source: ctorrent
Binary: ctorrent
Architecture: source amd64
Version: 1.3.4-dnh3.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Andrea Veri <bluek...@ubuntu.com>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 ctorrent   - BitTorrent Client written in C++
Closes: 530255
Changes: 
 ctorrent (1.3.4-dnh3.2-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix stack-based buffer overflow via crafted path names
     in torrent files (CVE-2009-1759; Closes: #530255).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAko4KNcACgkQHYflSXNkfP9b0QCcCUsD8jv3PCFLzyJOAHfBof3u
itkAoI8fGUtVlncaDPapDSOJCTN8O+m4
=FZJE
-----END PGP SIGNATURE-----



--- End Message ---
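
The bug class named in the report above (a path assembled from a torrent file's path components into a fixed-size stack buffer), shown with the bounds check in place. This is an added example, not ctorrent's code or the referenced patch; `join_path`, `struct bstr` and the 64-byte `PATH_BUF` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64  /* assumed small limit so the demo is easy to follow */

/* One bencoded string: the length comes from the file, no NUL terminator. */
struct bstr { const char *p; size_t len; };

/*
 * Join n components into out[outsz] as "a/b/c".
 * Returns the path length, or -1 (with out set to "") if it would not fit.
 * Dropping the room check below, i.e. memcpy(out + used, ...) with a length
 * taken straight from the torrent file, gives a stack overflow of the kind
 * the CVE text describes.
 */
static long join_path(char *out, size_t outsz, const struct bstr *c, size_t n)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        size_t sep = (i > 0) ? 1 : 0;
        size_t room = outsz - 1 - used;   /* bytes left before the NUL */
        /* Compared this way round so a huge len cannot wrap size_t. */
        if (sep > room || c[i].len > room - sep) { out[0] = '\0'; return -1; }
        if (sep) out[used++] = '/';
        memcpy(out + used, c[i].p, c[i].len);
        used += c[i].len;
    }
    out[used] = '\0';
    return (long)used;
}

/* Constructed inputs: a normal path and one with an oversized component. */
static long demo_short(char *out) {
    struct bstr c[] = { {"dir", 3}, {"sub", 3}, {"file.bin", 8} };
    return join_path(out, PATH_BUF, c, 3);
}
static long demo_long(char *out) {
    static char big[200];
    memset(big, 'A', sizeof big);
    struct bstr c[] = { {"dir", 3}, {big, sizeof big} };
    return join_path(out, PATH_BUF, c, 2);
}

int main(void) {
    char buf[PATH_BUF];
    printf("%ld\n", demo_short(buf));  /* accepted */
    printf("%ld\n", demo_long(buf));   /* rejected */
    return 0;
}
```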
