Summary: | <net-p2p/qbittorrent-4.5.2: Possible path traversal vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | eschwartz93, joe, proxy-maint, slashbeast |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/qbittorrent/qBittorrent/pull/18626 https://github.com/qbittorrent/qBittorrent/issues/18618 https://github.com/gentoo/gentoo/pull/29864 https://github.com/gentoo/gentoo/pull/30924 |
||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 905459 | ||
Bug Blocks: |
Description
Sam James
2023-03-01 00:57:56 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9149a2e696c66a4bda804fcf44c0ec6b3bf75d9a commit 9149a2e696c66a4bda804fcf44c0ec6b3bf75d9a Author: Joe Kappus <joe@wt.gd> AuthorDate: 2023-03-01 01:42:59 +0000 Commit: Piotr Karbowski <slashbeast@gentoo.org> CommitDate: 2023-03-01 22:33:58 +0000 net-p2p/qbittorrent: add 4.5.2 Bug: https://bugs.gentoo.org/898508 Signed-off-by: Joe Kappus <joe@wt.gd> Closes: https://github.com/gentoo/gentoo/pull/29864 Signed-off-by: Piotr Karbowski <slashbeast@gentoo.org> net-p2p/qbittorrent/Manifest | 1 + net-p2p/qbittorrent/qbittorrent-4.5.2.ebuild | 103 +++++++++++++++++++++++++++ 2 files changed, 104 insertions(+) For future reference, feel free to merge pull requests or do other related changes as you see fit without even waiting for me, especially when it comes to security. I am usually around on weekends and hardly rbrt during weekdays, and I rather not leave such bugs to rot. This applies as much to this package as to any other where I am the singular listed maintainer, same goes for jumping as another maintainer of packages where there's only me listed. Please cleanup I added a PR to remove the old versions. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d42b296008284e6badec71a7ef1dd133540b8fa6 commit d42b296008284e6badec71a7ef1dd133540b8fa6 Author: Joe Kappus <joe@wt.gd> AuthorDate: 2023-05-07 20:49:18 +0000 Commit: Piotr Karbowski <slashbeast@gentoo.org> CommitDate: 2023-05-08 05:49:11 +0000 net-p2p/qbittorrent: drop 4.4.5-r2, 4.5.1 Remove vulnerable versions. Bug: https://bugs.gentoo.org/898508 Signed-off-by: Joe Kappus <joe@wt.gd> Closes: https://github.com/gentoo/gentoo/pull/30924 Signed-off-by: Piotr Karbowski <slashbeast@gentoo.org> net-p2p/qbittorrent/Manifest | 2 - net-p2p/qbittorrent/qbittorrent-4.4.5-r2.ebuild | 103 ------------------------ net-p2p/qbittorrent/qbittorrent-4.5.1.ebuild | 103 ------------------------ 3 files changed, 208 deletions(-) |