libtorrent-rasterbar -- programming error

2009-06-14T00:00:00
ID DSA-1815
Type debian
Reporter Debian
Modified 2009-06-14T00:00:00

Description

It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.

The old stable distribution (etch) doesn't include libtorrent-rasterbar.

For the stable distribution (lenny), this problem has been fixed in version 0.13.1-2+lenny1.

For the unstable distribution (sid), this problem has been fixed in version 0.14.4-1.

We recommend that you upgrade your libtorrent-rasterbar package.