Opened 12 years ago

Closed 12 years ago

#961 closed bug (Fixed)

Update libtorrent for CVE-2009-1760

Reported by: rbu
Owned by: andar
Priority: major
Milestone:
Component: Unknown
Version: 1.1.8
Keywords:
Cc:

Description

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.

advisory: http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/

patch: http://code.rasterbar.com/libtorrent/changeset/3580
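
Added example (not part of the ticket and not the libtorrent changeset): a minimal C++ check a client could apply to each element of a multi-file "path" list before creating files. It covers both cases named in the description, a bare `..` element and an element that embeds a partial relative pathname. The function names, the reject-rather-than-rewrite policy and the sample entries are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper: one path element must be a plain file or directory
// name. Assumed policy: reject the entry outright instead of rewriting it.
bool is_safe_element(const std::string& e) {
    if (e.empty() || e == "." || e == "..") return false;
    for (char c : e) {
        // Separators catch "partial relative pathname" elements such as
        // "../x"; ':' blocks drive and stream prefixes; NUL blocks truncation.
        if (c == '/' || c == '\\' || c == ':' || c == '\0') return false;
    }
    return true;
}

// Joins the save directory with the elements of one file entry.
// Returns false and leaves `out` untouched if any element is unsafe.
bool build_target_path(const std::string& save_dir,
                       const std::vector<std::string>& elements,
                       std::string& out) {
    if (elements.empty()) return false;
    std::string p = save_dir;
    for (const std::string& e : elements) {
        if (!is_safe_element(e)) return false;
        if (!p.empty() && p.back() != '/') p += '/';
        p += e;
    }
    out = p;
    return true;
}

int main() {
    // Constructed sample entries, not taken from a real .torrent file.
    std::vector<std::vector<std::string>> entries = {
        {"album", "track01.flac"},
        {"album", "..", "..", "outside.txt"},
        {"../../outside.txt"},
    };
    for (const auto& e : entries) {
        std::string target;
        bool ok = build_target_path("/srv/downloads", e, target);
        std::cout << (ok ? "accept " + target : std::string("reject entry")) << "\n";
    }
}
```
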

Change History (2)

comment:1 Changed 12 years ago by andar

This has been done in svn since we automatically sync from the libtorrent repository, but the fix was not included in the last release (1.1.8). I will be making the 1.1.9 release shortly to address this.

comment:2 Changed 12 years ago by andar

  • Resolution set to fixed
  • Status changed from new to closed

1.1.9 has been released to address this.
