Security Information / 2017 / Security Information -- DSA-3856-1 deluge

Debian Security Advisory

DSA-3856-1 deluge -- security update

Date Reported:

18 May 2017

Affected Packages:

deluge

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-7178, CVE-2017-9031.

More information:

Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).

For the stable distribution (jessie), these problems have been fixed in version 1.3.10-3+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 1.3.13+git20161130.48cedf63-3.

We recommend that you upgrade your deluge packages.