[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Backports-security-announce] Security update for transmission

Leo Costela and Josselin Mouette uploaded new packages for transmission
which fixed the following security problem:


        Dan Rosenberg discovered that Transmission, a lightweight client
        the Bittorrent filesharing protocol performs insufficient
        of file names specified in .torrent files. This could lead to
        overwrite of local files with the privileges of the user running
        Transmission if the user is tricked into opening a malicious

For the stable distribution (lenny), this problem has been fixed in
version 1.22-1+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 1.77-1.

For the lenny-backports distribution the problems have been fixed in
version 1.77-1~bpo50+1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend to pin the backports repository to 200 so that new
versions of installed  backports will be installed automatically. 

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200

 .''`.      Josselin Mouette
: :' :
`. `'   “I recommend you to learn English in hope that you in
  `-     future understand things”  -- Jörg Schilling

Attachment: signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=

Reply to: