** Changed in: hardy-backports
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/500625
Title:
Local file overwriting due to directory traversal
To manage notificati
** Branch linked: lp:ubuntu/transmission
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.co
** Branch linked: lp:~transmissionbt/transmission/ppa-karmic
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-
** Branch linked: lp:~kklimonda/ubuntu/lucid/transmission/lp.512391
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Thanks, Chris, I'll do it correctly next time :-D That issue with the
official (not) support I know of – I don't speak C unfortunately, so I
won't try to copy the diff to that backports package or something ;)
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/50
Marian - for future reference, you click on "Also affects project", and
choose a difference project if the correct one is not selected by
default. Hardy backports are provided by the "hardy-backports" project.
I added a backports task to this bug for you, but like Jamie said, these
are not official
FTR: https://bugs.launchpad.net/hardy-backports/+bug/508178
(Jamie, I searched for a way to mark the bug as "also affects backports"
and didn't find one, so I just mentioned it here.)
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bu
Marian, -backports are not officially supported and an update will not
be provided by the ubuntu-security team. I suggest you file a bug
requesting that ubuntu-backporters provide a backport.
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received
This bug was fixed in the package transmission - 1.80~b1-0ubuntu2
---
transmission (1.80~b1-0ubuntu2) lucid; urgency=low
* SECURITY UPDATE: fix arbitrary file overwrite via crafted torrent file
- debian/patches/CVE-2010-0012.patch: adjust metainfo.c to check for '../'
- CVE-
Will there also be a fix for hardy's backports package? According to the
CVE's description it is also affected.
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscrib
http://www.ubuntu.com/usn/USN-885-1
** Changed in: transmission (Ubuntu Hardy)
Status: Fix Committed => Fix Released
** Changed in: transmission (Ubuntu Intrepid)
Status: Fix Committed => Fix Released
** Changed in: transmission (Ubuntu Jaunty)
Status: Fix Committed => Fix R
Nice work Jamie!
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.c
Hardy - Karmic are now building in the security PPA. I had to rewrite
the patch each of Hardy and Intrepid. Lucid will be uploaded after Alpha
2 freeze.
** Changed in: transmission (Ubuntu Intrepid)
Status: In Progress => Fix Committed
** Changed in: transmission (Ubuntu Jaunty)
Sta
** Changed in: transmission (Ubuntu Intrepid)
Importance: Undecided => Medium
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
Intrepid confirmed when using a directory. Eg, if the torrent has:
../bad
../bad/foo
Then do on the affected client:
$ mkdir bad
$ echo "my data" > ./bad/foo
Then opening $HOME/Desktop/bad.torrent will overwrite 'foo'. This
doesn't seem to be a problem for Hardy, but I'm still investigating.
**
Well, they aren't at least affected in the same way. Charles, would it
be possible for you to confirm for Transmission 1.06 (hardy) and 1.34
(intrepid).
** Changed in: transmission (Ubuntu Intrepid)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: transmission (Ubuntu Har
Initial testing shows that Hardy and Intrepid aren't affected.
Transmission strips out the '/' in '../' for a file, and therefore the
file that is created using the above is $HOME/Desktop/..EVIL.
** Changed in: transmission (Ubuntu Hardy)
Status: New => Incomplete
** Changed in: transmissi
** Changed in: transmission (Ubuntu Karmic)
Status: New => In Progress
** Changed in: transmission (Ubuntu Jaunty)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: transmission (Ubuntu Karmic)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
Local fi
** Changed in: transmission (Ubuntu Jaunty)
Status: New => In Progress
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mai
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0012
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailin
CVE requested and vendors contacted: http://www.openwall.com/lists/oss-
security/2010/01/06/2
** Also affects: transmission (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: transmission (Ubuntu Intrepid)
Importance: Undecided
Status: New
** Also affects: tran
Jamie: yes, that's correct.
--
Local file overwriting due to directory traversal
https://bugs.launchpad.net/bugs/500625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lis
Charles, is this the final commit to fix this issue:
http://trac.transmissionbt.com/changeset/9829/
** Visibility changed to: Public
** Changed in: transmission (Ubuntu)
Status: Triaged => In Progress
** Changed in: transmission (Ubuntu)
Assignee: Marc Deslauriers (mdeslaur) => Jamie
23 matches
Mail list logo
