Fedora alert FEDORA-2009-6547 (rb_libtorrent)
| From: | updates@fedoraproject.org | |
| To: | fedora-package-announce@redhat.com | |
| Subject: | [SECURITY] Fedora 10 Update: rb_libtorrent-0.13.1-5.fc10 | |
| Date: | Sat, 27 Jun 2009 02:50:04 +0000 | |
| Message-ID: | <20090627025004.0FAF110F8A7@bastion2.fedora.phx.redhat.com> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-6547 2009-06-18 10:59:17 -------------------------------------------------------------------------------- Name : rb_libtorrent Product : Fedora 10 Version : 0.13.1 Release : 5.fc10 URL : http://www.rasterbar.com/products/libtorrent/ Summary : A C++ BitTorrent library aiming to be the best alternative Description : rb_libtorrent is a C++ library that aims to be a good alternative to all the other BitTorrent implementations around. It is a library and not a full featured client, although it comes with a few working example clients. Its main goals are to be very efficient (in terms of CPU and memory usage) as well as being very easy to use both as a user and developer. -------------------------------------------------------------------------------- Update Information: This release adds an upstream patch to fix a directory traversal vulnerability which would allow a remote attacker to create or overwrite arbitrary files via a ".." (dot dot) and partial relative pathname in a specially-crafted torrent. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 14 2009 Peter Gordon <peter@thecodergeek.com> - 0.13.1-5 - Apply upstream patch to fix CVE-2009-1760 (arbitrary file overwrite vulnerability): + 0.13-CVE-2009-1760.diff - Fixes security bug #505523. * Mon Jan 5 2009 Peter Gordon <peter@thecodergeek.com> - 0.13.1-4 - Add asio-devel as runtime dependency for the devel subpackage (#478589) * Thu Nov 20 2008 Peter Gordon <peter@thecodergeek.com> - Update Source0 URL, for now. -------------------------------------------------------------------------------- References: [ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=505523 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update rb_libtorrent' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...