4 ignored security issues in jessie

package: libtorrent-rasterbar
severity: low
created: 2015-08-26
last updated: 2019-10-21

There are 4 open security issues in jessie.
4 issues skipped by the security teams:
  • CVE-2017-9847: The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
  • CVE-2015-5685: The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."
  • CVE-2016-7164: The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.
  • CVE-2016-5301: The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.
Please fix them.