[SECURITY] Fedora 9 Update: deluge-0.5.9.3-2.fc9
updates at fedoraproject.org
updates at fedoraproject.org
Sat Jun 27 02:57:43 UTC 2009
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6682
2009-06-19 12:31:30
--------------------------------------------------------------------------------
Name : deluge
Product : Fedora 9
Version : 0.5.9.3
Release : 2.fc9
URL : http://deluge-torrent.org/
Summary : A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
Description :
Deluge is a new BitTorrent client, created using Python and GTK+. It is
intended to bring a native, full-featured client to Linux GTK+ desktop
environments such as GNOME and XFCE. It supports features such as DHT
(Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP
(Universal Plug-n-Play) that allow one to more easily share BitTorrent data
even from behind a router with virtually zero configuration of port-forwarding.
--------------------------------------------------------------------------------
Update Information:
This release adds a backported upstream patch to fix a directory traversal
vulnerability in the included copy of libtorrent which would allow a remote
attacker to create or overwrite arbitrary files via a ".." (dot dot) and partial
relative pathname in a specially-crafted torrent.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 18 2009 Peter Gordon <peter at thecodergeek.com> - 0.5.9.3-2
- Revert CVS files to to 0.9.5.3
- Add backported patch for the included copy of rb_libtorrent to fix
CVE-2009-1760 (#505523):
+ 0.5.9.3-CVE-2009-1760.diff
* Thu Nov 13 2008 Peter Gordon <peter at thecodergeek.com> - 1.0.5-1
- Update to new upstream release (1.0.5)
- Drop desktop file icon name hack (fixed upstream).
- Add setuptools runtime dependency, to fix "No module named pkg_resources"
error messages.
* Tue Jun 24 2008 Peter Gordon <peter at thecodergeek.com> - 0.5.9.3-1
- Update to new upstream release (0.5.9.3)
* Fri May 23 2008 Peter Gordon <peter at thecodergeek.com> - 0.5.9.1-1
- Update to new upstream release (0.5.9.1)
* Fri May 2 2008 Peter Gordon <peter at thecodergeek.com> - 0.5.9.0-1
- Update to new upstream release (0.5.9.0)
- Drop upstreamed default-preferences patch for disabling new version
notifications:
- default-prefs-no-release-notifications.patch
* Tue Apr 15 2008 Peter Gordon <peter at thecodergeek.com> - 0.5.8.9-1
- Update to new upstream release (0.5.8.9)
* Wed Mar 26 2008 Peter Gordon <peter at thecodergeek.com> - 0.5.8.7-1
- Update to new upstream release (0.5.8.7)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=505523
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update deluge' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list