Leo Costela and Josselin Mouette uploaded new packages for transmission
which fixed the following security problem:
CVE-2010-0012
DSA-1967-1
Dan Rosenberg discovered that Transmission, a lightweight client
for
the Bittorrent filesharing protocol performs insufficient
sanitizing
of file names specified in .torrent files. This could lead to
the
overwrite of local files with the privileges of the user running
Transmission if the user is tricked into opening a malicious
torrent
file.
For the stable distribution (lenny), this problem has been fixed in
version 1.22-1+lenny2.
For the unstable distribution (sid), this problem has been fixed in
version 1.77-1.
For the lenny-backports distribution the problems have been fixed in
version 1.77-1~bpo50+1.
If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
โ
.''. Josselin Mouette : :' :
. ' โI recommend you to learn English in hope that you in
- future understand thingsโ โ Jรถrg Schilling
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 5 | all | transmission | <ย 1.22-1+lenny2 | transmission_1.22-1+lenny2_all.deb |
Debian | 5 | all | transmission-cli | <ย 1.22-1+lenny2 | transmission-cli_1.22-1+lenny2_all.deb |
Debian | 5 | all | transmission-gtk | <ย 1.22-1+lenny2 | transmission-gtk_1.22-1+lenny2_all.deb |
Debian | 5 | all | transmission-common | <ย 1.22-1+lenny2 | transmission-common_1.22-1+lenny2_all.deb |