[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora 10 Update: deluge-1.1.9-1.fc10



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6760
2009-06-19 12:33:28
--------------------------------------------------------------------------------

Name        : deluge
Product     : Fedora 10
Version     : 1.1.9
Release     : 1.fc10
URL         : http://deluge-torrent.org/
Summary     : A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
Description :
Deluge is a new BitTorrent client, created using Python and GTK+. It is
intended to bring a native, full-featured client to Linux GTK+ desktop
environments such as GNOME and XFCE. It supports features such as DHT
(Distributed Hash Tables), PEX (ĀµTorrent-compatible Peer Exchange), and UPnP
(Universal Plug-n-Play) that allow one to more easily share BitTorrent data
even from behind a router with virtually zero configuration of port-forwarding.

--------------------------------------------------------------------------------
Update Information:

Deluge 1.1.9 contains updated translations and fixes for a "move torrent" issue
(now only happens when the torrent has data downloaded), a folder renaming bug
(renaming a parent folder into multiple folders), and an issue with adding a
remote torrent in the WebUI.    This update also includes all upstream bug-fixes
and enhancements in versions 1.1.7 and 1.1.8 (which were skipped in this
package). For a full list of these changes, please see the upstream changelog:
http://dev.deluge-torrent.org/wiki/ChangeLog    In addition, the included copy
of rb_libtorrent has been updated to fix a potential directory traversal
vulnerability which would allow a remote attacker to create or overwrite
arbitrary files via a ".." (dot dot) and partial relative pathname in a
specially-crafted torrent.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 17 2009 Peter Gordon <peter thecodergeek com> - 1.1.9-1
- Update to new upstream bug-fix release (1.1.9), updates internal libtorrent
  copy to fix CVE-2009-1760 (#505523).
- Adds dependency on chardet for fixing lots of bugs with torrents
  which are not encoded as UTF-8.
- Add back the flags, in an optional -flags subpackage as per the new Flags
  policy (Package_Maintainers_Flags_Policy on the wiki).
- Add LICENSE and README to installed documentation.
* Tue Apr  7 2009 Peter Gordon <peter thecodergeek com> - 1.1.6-1
- Update to new upstream bug-fix release (1.1.6)
- Fix GPL version, add OpenSSL exception to License.
* Thu Mar 26 2009 Peter Gordon <peter thecodergeek com> - 1.1.5-1
- Update to new upstream bug-fix release (1.1.5)
* Tue Mar 10 2009 Peter Gordon <peter thecodergeek com> - 1.1.4-2
- Fix the installed location of the scalable (SVG) icon (#483443).
  + scalable-icon-dir.diff
* Mon Mar  9 2009 Peter Gordon <peter thecodergeek com> - 1.1.4-1
- Update to new upstream bug-fix release (1.1.4)
* Sun Feb 15 2009 Peter Gordon <peter thecodergeek com> - 1.1.3-1
- Update to new upstream bug-fix release (1.1.3)
* Sun Feb  1 2009 Peter Gordon <peter thecodergeek com> - 1.1.2-2
- Fix scalable icon directory ownership (#483443).
* Sat Jan 31 2009 Peter Gordon <peter thecodergeek com> - 1.1.2-1
- Update to new upstream bug-fix release (1.1.2)
* Fri Jan 16 2009 Peter Gordon <peter thecodergeek com> - 1.1.0-1
- Update to new upstream release (1.1.0 Final - yay!)
- Do not package the country flags data. (#479265)
* Tue Dec 16 2008 Peter Gordon <peter thecodergeek com> - 1.0.7-1
- Update to new upstream bug-fix release (1.0.7)
- Remove CC-BY-SA license (the Tango WebUI images have been replaced by upstream).
* Mon Dec  1 2008 Peter Gordon <peter thecodergeek com> - 1.0.6-1
- Update to new upstream release (1.0.6)
- Adds Tango images to the WebUI data (CC-BY-SA) and some man pages.
- Properly mark translation files with %lang.
* Thu Nov 13 2008 Peter Gordon <peter thecodergeek com> - 1.0.5-1
- Update to new upstream release (1.0.5)
* Fri Oct 31 2008 Peter Gordon <peter thecodergeek com> - 1.0.4-1
- Update to new upstream release (1.0.4).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=505523
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update deluge' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]