Opened 15 years ago
Closed 15 years ago
#961 closed bug (Fixed)
Update libtorrent for CVE-2009-1760
Reported by: | rbu | Owned by: | andar |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Unknown | Version: | 1.1.8 |
Keywords: | | Cc: | |
Description
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.
advisory: http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/
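An added example (not libtorrent's patch and not Deluge code) of the defensive check this class of bug calls for: each element of a multi-file `path` list is validated before it is joined to the download directory. The function names and the `/downloads` directory are hypothetical, and the sample lists are constructed.

```cpp
#include <iostream>
#include <string>
#include <vector>

// One element of a multi-file "path" list must name exactly one directory
// or file. Anything that can move the target elsewhere is rejected.
bool safe_path_element(const std::string& e) {
    if (e.empty() || e == "." || e == "..") return false;
    // A separator (or NUL) inside an element hides extra components,
    // e.g. the single element "../../etc/passwd".
    static const std::string forbidden("/\\\0", 3);
    return e.find_first_of(forbidden) == std::string::npos;
}

// Builds save_dir + "/" + elements joined by "/". Returns false and leaves
// `out` untouched if the list is empty or any element is unsafe.
bool build_target_path(const std::string& save_dir,
                       const std::vector<std::string>& elements,
                       std::string& out) {
    if (elements.empty()) return false;
    std::string path = save_dir;
    for (const std::string& e : elements) {
        if (!safe_path_element(e)) return false;
        path += '/';
        path += e;
    }
    out = path;
    return true;
}

int main() {
    // Constructed sample "path" lists, as they would appear after bdecoding.
    const std::vector<std::vector<std::string>> samples = {
        {"album", "track01.flac"},        // ordinary entry
        {"..", "..", "etc", "passwd"},    // ".." as its own element
        {"../../etc/passwd"},             // relative path packed in one element
    };
    for (const auto& s : samples) {
        std::string target;
        if (build_target_path("/downloads", s, target))
            std::cout << "accept " << target << "\n";
        else
            std::cout << "reject entry\n";
    }
    return 0;
}
```

The check is purely lexical: it does not resolve symlinks that already exist under the download directory.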
Change History (2)
comment:1 by , 15 years ago
This has been done in svn since we automatically sync from the libtorrent repository, but the fix was not included in the last release (1.1.8). I will be making the 1.1.9 release shortly to address this.
comment:2 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
1.1.9 has been released to address this.