[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of qbittorrent?

> Il 06 mar 2017 11:49 PM, Markus Koschany <apo@debian.org> ha scritto:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of qbittorrent:
> https://security-tracker.debian.org/tracker/source-package/qbittorrent
>
> Would you like to take care of this yourself?

I was able to investigate this today. Wheezy shipped with qbittorrent
2.9.8-1. qbittorrent version 3.2.0, released May 10th 2015, saw a
major refactoring of the webui's code. From the changelog: [0]

>  FEATURE: WEBUI code rewritten, refactored and improved. (glassez, pmzqla, buinsky)

Reviewing the patches for both CVEs as well as the code shipped with
2.9.8, these fixes do not apply. While it's quite possible similar
issues may exist in Wheezy, the code base has changed significantly
enough to say that these specific bugs are not in Wheezy.

[0] https://www.qbittorrent.org/news.php

Thanks,

-- Andrew Starr-Bochicchio

   Debian Developer <http://qa.debian.org/developer.php?login=asb>
   Ubuntu Developer <https://launchpad.net/~andrewsomething>
   PGP/GPG Key ID: 3B56E2BBD53FDCB1
Reply to: