Package: deluge
Version: 2.2.0-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team
<[email protected]>
Dear Maintainer,
* What led up to the situation?
A call from my network admin, re "strange behavior from my machine"
* What exactly did you do (or not do) that was effective (or
ineffective)?
I used deluge for its intended purpose, via a magnet (this machine is
configured to only use IPv4)
Running a Torrent Address detection test (https://ipleak.net/) revealed two IP
addresses; both VPN address and my address on the LAN
running the same test with transmission-gtk produced only the expected VPN
address
* What was the outcome of this action?
I will not use or recommend deluge until i know this is resolved
* What outcome did you expect instead?
I expected deluge to use the VPN address
-- System Information:
Debian Release: 13.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.48+deb13-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages deluge depends on:
ii deluge-gtk 2.2.0-1
ii python3 3.13.5-1
ii python3-libtorrent 2.0.11-1
deluge recommends no packages.
deluge suggests no packages.
