CVE-2017-6504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6504): WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.
@Maintainers 3.3.12 is already in tree, and should contain the fix, please call for stabilization when ready. Thank you
x86 stable
amd64 stable
arm ping
@arm, ping.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4cb500889429515d376449b7a7be7f7f2c695a1f commit 4cb500889429515d376449b7a7be7f7f2c695a1f Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-02-04 16:49:09 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-02-04 17:38:53 +0000 net-p2p/qbittorrent: Drop vulnerable <3.3.16 Stabilisation timeout. Closes: https://bugs.gentoo.org/636052 Package-Manager: Portage-2.3.24, Repoman-2.3.6 net-p2p/qbittorrent/Manifest | 3 -- net-p2p/qbittorrent/qbittorrent-3.3.10.ebuild | 55 ------------------------- net-p2p/qbittorrent/qbittorrent-3.3.12.ebuild | 58 --------------------------- 3 files changed, 116 deletions(-)
Cleanup done, I guess security can do their thing now.
(In reply to Andreas Sturmlechner from comment #7) > Cleanup done, I guess security can do their thing now. Thanks, Andreas! GLSA Vote: No