Date: Thu, 18 May 2017 22:31:47 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: Deluge: CVE-2017-9031: WebUI component: directory traversal vulnerability Hi CVE-2017-9031 was assigned for the following directory traversal issue in Deluge's WebUI: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15 Quoting upstream announce: > Highly recommended to upgrade to this release as it contains a > directory traversal security fix that once again has the real > potential to compromise your machine. The related commit is: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd which gives more information about the issue: > [WebUI] Check render template files exist and raise 404 if not > - Check render/* requests match to .html files in the 'render' dir > - Protects against directory (path) traversal Additional reference: https://bugs.debian.org/862611 Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ