ArchLinux: 201609-8: libtorrent-rasterbar: denial of service
Summary
A bug has been found in the libtorrent-rasterbar code handling GZIP-encoded responses from a tracker, where malformed responses could lead to a crash.
Resolution
Upgrade to 1:1.1.1-1.
# pacman -Syu "libtorrent-rasterbar>=1:1.1.1-1"
The problem has been fixed upstream in version 1.1.1.
References
https://seclists.org/oss-sec/2016/q3/443 https://access.redhat.com/security/cve/CVE-2016-7164
Workaround
None.