** Description changed: - I wanted to suggest disabling UPnP by default into the focal and jammy + I wanted to suggest disabling UPnP by default in the focal and jammy versions, since they're still under security maintenance. This setting was allowing attackers to run arbitrary executables via qbittorrent under the default settings and was fixed in 4.6.x and backported to 4.5.x. But focal and jammy are still using older versions. Here's the Github issue: https://github.com/qbittorrent/qBittorrent/issues/18731 These versions are still affected shown here: https://git.launchpad.net/ubuntu/+source/qbittorrent/tree/src/base/preferences.cpp?h=ubuntu/jammy- devel#n626 and https://git.launchpad.net/ubuntu/+source/qbittorrent/tree/src/base/preferences.cpp?h=ubuntu/focal- devel#n562 - The fix: https://github.com/qbittorrent/qBittorrent/pull/18832/files - (just removing the preprocessor ifs so it's default to off) + Fix: https://github.com/qbittorrent/qBittorrent/pull/18832/files + + The fix is just removing the preprocessor ifs so it's always default to + UPnP disabled. I believe you can just cherry pick this commit but I have + no idea how the Ubuntu repo tracks the Github repo. -- I am suggesting this because at least one person is still using an older LTS (presumably) and was directly affected by this: https://github.com/qbittorrent/qBittorrent/issues/18731#issuecomment-2196436674 NOTE that this affects packages qbittorrent and qbittorrent-nox
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2071493 Title: UPnP should be turned off by default on focal & jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qbittorrent/+bug/2071493/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs