Source: libevent
Version: 1.4.13-stable-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libevent.

CVE-2014-6272[0]:
potential heap overflow in buffer/bufferevent APIs

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Upstream patches are found in [1], [2] and [3].

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-6272
[1] http://archives.seul.org/libevent/users/Jan-2015/msg00011.html
    https://github.com/libevent/libevent/commit/841ecbd96105c84ac2e7c9594aeadbcc6fb38bc4 (2.1)
[2] http://archives.seul.org/libevent/users/Jan-2015/msg00012.html
    https://github.com/libevent/libevent/commit/20d6d4458bee5d88bda1511c225c25b2d3198d6c (2.0)
[3] http://archives.seul.org/libevent/users/Jan-2015/msg00013.html
    https://github.com/libevent/libevent/commit/7b21c4eabf1f3946d3f63cce1319c490caab8ecf (1.4)

(FYI, I have already prepared an update for wheezy-security with the
upstream patch).

Regards,
Salvatore