Mageia alert MGASA-2012-0314 (transmission) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0314: transmission-2.51-1.2.mga2
 (2/core) 
Date:
    	       Mon, 29 Oct 2012 18:39:46 +0100
Message-ID:
    	       <20121029173946.GA15335@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0314
Date: 	October 29th, 2012
Affected releases: 	2


Description:
Updated transmission packages fix security vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in the web client in
Transmission before 2.61 allow remote attackers to inject arbitrary web
script or HTML via the (1) comment, (2) created by, or (3) name field in
a torrent file (CVE-2012-4037).


Updated Packages:
transmission-daemon-2.51-1.2.mga2
transmission-cli-2.51-1.2.mga2
transmission-common-2.51-1.2.mga2
transmission-gtk-2.51-1.2.mga2
transmission-qt4-2.51-1.2.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4037
http://www.ubuntu.com/usn/usn-1584-1/
https://bugs.mageia.org/show_bug.cgi?id=7590
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)