Transmission 1.92 (2010/03/14) * Fix potential buffer overflow when adding maliciously-crafted magnet links
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0749
And CVE-2010-0749 fixed in this release too. Strange that they are blank at cvs.mitre.org, but filled in other places.
Tested on x86, seems to be ok.
x86 stable, thanks Andreas
amd64 stable.
ppc done; closing as last arch
Reopening since this is a security bug.
CVE-2010-1853 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1853): Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
glsa request filed
GLSA 201006-06