[Secure-testing-team] Bug#774645: libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 5 17:49:12 UTC 2015
Source: libevent
Version: 1.4.13-stable-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libevent.

CVE-2014-6272[0]:
potential heap overflow in buffer/bufferevent APIs

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Upstream patches are found in [1], [2] and [3].

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-6272
[1] http://archives.seul.org/libevent/users/Jan-2015/msg00011.html
    https://github.com/libevent/libevent/commit/841ecbd96105c84ac2e7c9594aeadbcc6fb38bc4 (2.1)
[2] http://archives.seul.org/libevent/users/Jan-2015/msg00012.html
    https://github.com/libevent/libevent/commit/20d6d4458bee5d88bda1511c225c25b2d3198d6c (2.0)
[3] http://archives.seul.org/libevent/users/Jan-2015/msg00013.html
    https://github.com/libevent/libevent/commit/7b21c4eabf1f3946d3f63cce1319c490caab8ecf (1.4)

(FYI, I have already prepared an update for wheezy-security with the
upstream patch).

Regards,
Salvatore