-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-6760 2009-06-19 12:33:28 --------------------------------------------------------------------------------
Name : deluge Product : Fedora 10 Version : 1.1.9 Release : 1.fc10 URL : http://deluge-torrent.org/ Summary : A GTK+ BitTorrent client with support for DHT, UPnP, and PEX Description : Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT (Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding. -------------------------------------------------------------------------------- Update Information: Deluge 1.1.9 contains updated translations and fixes for a "move torrent" issue (now only happens when the torrent has data downloaded), a folder renaming bug (renaming a parent folder into multiple folders), and an issue with adding a remote torrent in the WebUI. This update also includes all upstream bug-fixes and enhancements in versions 1.1.7 and 1.1.8 (which were skipped in this package). For a full list of these changes, please see the upstream changelog: http://dev.deluge-torrent.org/wiki/ChangeLog In addition, the included copy of rb_libtorrent has been updated to fix a potential directory traversal vulnerability which would allow a remote attacker to create or overwrite arbitrary files via a ".." (dot dot) and partial relative pathname in a specially-crafted torrent. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 17 2009 Peter Gordon <pe...@thecodergeek.com> - 1.1.9-1 - Update to new upstream bug-fix release (1.1.9), updates internal libtorrent copy to fix CVE-2009-1760 (#505523). - Adds dependency on chardet for fixing lots of bugs with torrents which are not encoded as UTF-8. - Add back the flags, in an optional -flags subpackage as per the new Flags policy (Package_Maintainers_Flags_Policy on the wiki). - Add LICENSE and README to installed documentation. * Tue Apr 7 2009 Peter Gordon <pe...@thecodergeek.com> - 1.1.6-1 - Update to new upstream bug-fix release (1.1.6) - Fix GPL version, add OpenSSL exception to License. * Thu Mar 26 2009 Peter Gordon <pe...@thecodergeek.com> - 1.1.5-1 - Update to new upstream bug-fix release (1.1.5) * Tue Mar 10 2009 Peter Gordon <pe...@thecodergeek.com> - 1.1.4-2 - Fix the installed location of the scalable (SVG) icon (#483443). + scalable-icon-dir.diff * Mon Mar 9 2009 Peter Gordon <pe...@thecodergeek.com> - 1.1.4-1 - Update to new upstream bug-fix release (1.1.4) * Sun Feb 15 2009 Peter Gordon <pe...@thecodergeek.com> - 1.1.3-1 - Update to new upstream bug-fix release (1.1.3) * Sun Feb 1 2009 Peter Gordon <pe...@thecodergeek.com> - 1.1.2-2 - Fix scalable icon directory ownership (#483443). * Sat Jan 31 2009 Peter Gordon <pe...@thecodergeek.com> - 1.1.2-1 - Update to new upstream bug-fix release (1.1.2) * Fri Jan 16 2009 Peter Gordon <pe...@thecodergeek.com> - 1.1.0-1 - Update to new upstream release (1.1.0 Final - yay!) - Do not package the country flags data. (#479265) * Tue Dec 16 2008 Peter Gordon <pe...@thecodergeek.com> - 1.0.7-1 - Update to new upstream bug-fix release (1.0.7) - Remove CC-BY-SA license (the Tango WebUI images have been replaced by upstream). * Mon Dec 1 2008 Peter Gordon <pe...@thecodergeek.com> - 1.0.6-1 - Update to new upstream release (1.0.6) - Adds Tango images to the WebUI data (CC-BY-SA) and some man pages. - Properly mark translation files with %lang. * Thu Nov 13 2008 Peter Gordon <pe...@thecodergeek.com> - 1.0.5-1 - Update to new upstream release (1.0.5) * Fri Oct 31 2008 Peter Gordon <pe...@thecodergeek.com> - 1.0.4-1 - Update to new upstream release (1.0.4). -------------------------------------------------------------------------------- References: [ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=505523 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update deluge' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce