Date: Thu, 18 May 2017 22:31:47 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: Deluge: CVE-2017-9031: WebUI component: directory traversal vulnerability Hi CVE-2017-9031 was assigned for the following directory traversal issue in Deluge's WebUI: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15 Quoting upstream announce: > Highly recommended to upgrade to this release as it contains a > directory traversal security fix that once again has the real > potential to compromise your machine. The related commit is: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd which gives more information about the issue: > [WebUI] Check render template files exist and raise 404 if not > - Check render/* requests match to .html files in the 'render' dir > - Protects against directory (path) traversal Additional reference: https://bugs.debian.org/862611 Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.