Fedora 10 Update: deluge-1.1.9-1.fc10 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: February 6th, 2012

Linux Advisory Watch: February 3rd, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora 10 Update: deluge-1.1.9-1.fc10

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Deluge 1.1.9 contains updated translations and fixes for a "move torrent" issue (now only happens when the torrent has data downloaded), a folder renaming bug (renaming a parent folder into multiple folders), and an issue with adding a remote torrent in the WebUI. This update also includes all upstream bug-fixes and enhancements in versions 1.1.7 and 1.1.8 (which were skipped in this package). For a full list of these changes, please see the upstream changelog: http://dev.deluge-torrent.org/wiki/ChangeLog In addition, the included copy of rb_libtorrent has been updated to fix a potential directory traversal vulnerability which would allow a remote attacker to create or overwrite arbitrary files via a ".." (dot dot) and partial relative pathname in a specially-crafted torrent.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6760
2009-06-19 12:33:28
--------------------------------------------------------------------------------

Name        : deluge
Product     : Fedora 10
Version     : 1.1.9
Release     : 1.fc10
URL         : http://deluge-torrent.org/
Summary     : A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
Description :
Deluge is a new BitTorrent client, created using Python and GTK+. It is
intended to bring a native, full-featured client to Linux GTK+ desktop
environments such as GNOME and XFCE. It supports features such as DHT
(Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP
(Universal Plug-n-Play) that allow one to more easily share BitTorrent data
even from behind a router with virtually zero configuration of port-forwarding.

--------------------------------------------------------------------------------
Update Information:

Deluge 1.1.9 contains updated translations and fixes for a "move torrent" issue
(now only happens when the torrent has data downloaded), a folder renaming bug
(renaming a parent folder into multiple folders), and an issue with adding a
remote torrent in the WebUI.    This update also includes all upstream bug-fixes
and enhancements in versions 1.1.7 and 1.1.8 (which were skipped in this
package). For a full list of these changes, please see the upstream changelog:
http://dev.deluge-torrent.org/wiki/ChangeLog    In addition, the included copy
of rb_libtorrent has been updated to fix a potential directory traversal
vulnerability which would allow a remote attacker to create or overwrite
arbitrary files via a ".." (dot dot) and partial relative pathname in a
specially-crafted torrent.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 17 2009 Peter Gordon  - 1.1.9-1
- Update to new upstream bug-fix release (1.1.9), updates internal libtorrent
  copy to fix CVE-2009-1760 (#505523).
- Adds dependency on chardet for fixing lots of bugs with torrents
  which are not encoded as UTF-8.
- Add back the flags, in an optional -flags subpackage as per the new Flags
  policy (Package_Maintainers_Flags_Policy on the wiki).
- Add LICENSE and README to installed documentation.
* Tue Apr  7 2009 Peter Gordon  - 1.1.6-1
- Update to new upstream bug-fix release (1.1.6)
- Fix GPL version, add OpenSSL exception to License.
* Thu Mar 26 2009 Peter Gordon  - 1.1.5-1
- Update to new upstream bug-fix release (1.1.5)
* Tue Mar 10 2009 Peter Gordon  - 1.1.4-2
- Fix the installed location of the scalable (SVG) icon (#483443).
  + scalable-icon-dir.diff
* Mon Mar  9 2009 Peter Gordon  - 1.1.4-1
- Update to new upstream bug-fix release (1.1.4)
* Sun Feb 15 2009 Peter Gordon  - 1.1.3-1
- Update to new upstream bug-fix release (1.1.3)
* Sun Feb  1 2009 Peter Gordon  - 1.1.2-2
- Fix scalable icon directory ownership (#483443).
* Sat Jan 31 2009 Peter Gordon  - 1.1.2-1
- Update to new upstream bug-fix release (1.1.2)
* Fri Jan 16 2009 Peter Gordon  - 1.1.0-1
- Update to new upstream release (1.1.0 Final - yay!)
- Do not package the country flags data. (#479265)
* Tue Dec 16 2008 Peter Gordon  - 1.0.7-1
- Update to new upstream bug-fix release (1.0.7)
- Remove CC-BY-SA license (the Tango WebUI images have been replaced by upstream).
* Mon Dec  1 2008 Peter Gordon  - 1.0.6-1
- Update to new upstream release (1.0.6)
- Adds Tango images to the WebUI data (CC-BY-SA) and some man pages.
- Properly mark translation files with %lang.
* Thu Nov 13 2008 Peter Gordon  - 1.0.5-1
- Update to new upstream release (1.0.5)
* Fri Oct 31 2008 Peter Gordon  - 1.0.4-1
- Update to new upstream release (1.0.4).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=505523
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update deluge' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce