openSUSE-SU-2017:1497-1

Published: 06 Jun 2017
Source: suse-cvrf

Description

Security update for deluge

This update for deluge fixes two security issues:

  • CVE-2017-9031: A remote attacker could have exploited a directory traversal vulnerability in the web interface (bsc#1039815)
  • CVE-2017-7178: A remote attacker could have exploited a CSRF vulnerability to trick a logged-in user into performing actions in the WebUI (bsc#1039958)

In addition, deluge was updated to 1.3.15 with the following fixes and changes:

  • Core: Fix issues with displaying libtorrent-rasterbar single proxy.
  • Core: Fix libtorrent-rasterbar 1.2 trackers crashing Deluge UIs.
  • Core: Fix an error in torrent priorities causing file priority mismatch in UIs.
  • GtkUI: Fix column sort state not saved in Thinclient mode.
  • GtkUI: Fix a connection manager error with malformed ip.
  • GtkUI: Rename SystemTray/Indicator 'Pause/Resume All' to 'Pause/Resume Session'.
  • GtkUI: Workaround libtorrent-rasterbar single proxy by greying out unused proxy types.
  • Notification Plugin: Fix webui passing string for int port value.
  • AutoAdd Plugin: Add WebUI preferences page detailing lack of configuration via WebUI.
  • Label Plugin: Add WebUI preferences page detailing how to configure plugin.
  • Core: Fix 'Too many files open' errors.
  • Core: Add support for python-GeoIP for use with libtorrent 1.1.
  • Core: Fix a single proxy entry being overwritten resulting in no proxy set.
  • UI: Add the tracker_status translation to UIs.
  • GtkUI: Strip whitespace from infohash before checks.
  • GtkUI: Add a missed feature autofill infohash entry from clipboard.
  • WebUI: Backport bind interface option for server.
  • ConsoleUI: Fix a decode error comparing non-ascii (str) torrent names.
  • AutoAdd Plugin: Fixes for splitting magnets from file.
  • Remove the duplicate magnet extension when splitting.
  • Remove deluge-libtorrent-1.1-geoip.patch: fixed upstream.

Package list

openSUSE Leap 42.2
deluge-1.3.15-3.3.1
deluge-lang-1.3.15-3.3.1

Description (CVE-2017-7178)

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
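The CSRF described above works because a state-changing WebUI request (for example one that installs or enables a plugin) is accepted on the strength of the session cookie alone, which the victim's browser attaches to any cross-site request. The usual defence is to require evidence that the request originated from the application's own pages: a per-session synchronizer token that the attacker's page cannot read, plus an Origin/Referer check as a second layer. The following is an added example of that check, not Deluge's own code; the server-side secret, the session id, the form field name `csrf_token`, the allowed origin `http://localhost:8112` and the sample requests are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


def issue_csrf_token(server_secret: bytes, session_id: str) -> str:
    """Derive a per-session CSRF token with HMAC-SHA256.

    Binding the token to the session id means the server needs no extra
    storage, and a token leaked from one session is useless in another.
    """
    return hmac.new(server_secret, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(url: str, allowed_origin: str) -> bool:
    """Compare scheme://host[:port] exactly.

    A plain prefix test would accept http://localhost:8112.attacker.example,
    so the URL is parsed and the full origin tuple is compared.
    """
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == allowed_origin


def request_allowed(server_secret: bytes, session_id: str, method: str,
                    headers: dict, form: dict,
                    allowed_origin: str = "http://localhost:8112") -> bool:
    """Decide whether a request may change state for this session.

    Safe methods pass through; they must never mutate state. Everything
    else needs a same-origin Origin (or Referer) header AND a valid token.
    """
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True
    origin = headers.get("Origin") or headers.get("Referer", "")
    if not same_origin(origin, allowed_origin):
        return False
    expected = issue_csrf_token(server_secret, session_id)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison on bytes so a non-ASCII value cannot raise.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def demo() -> dict:
    """Run constructed requests through the check and report each verdict."""
    secret = b"server-side secret loaded at startup (constructed)"
    sid = "constructed-session-id-1234"
    token = issue_csrf_token(secret, sid)
    good_origin = {"Origin": "http://localhost:8112"}
    return {
        # Legitimate WebUI page: same origin and carries the token.
        "legitimate": request_allowed(secret, sid, "POST", good_origin,
                                      {"csrf_token": token, "action": "enable_plugin"}),
        # Attacker's page auto-submits a form; the browser adds the cookie
        # but the page cannot read or forge the token.
        "cross_site": request_allowed(secret, sid, "POST",
                                      {"Origin": "http://attacker.example"},
                                      {"action": "enable_plugin"}),
        # Lookalike origin that a prefix check would have accepted.
        "lookalike_origin": request_allowed(secret, sid, "POST",
                                            {"Origin": "http://localhost:8112.attacker.example"},
                                            {"csrf_token": token}),
        # Same origin but the token is missing (e.g. a stale or hand-built form).
        "missing_token": request_allowed(secret, sid, "POST", good_origin,
                                         {"action": "enable_plugin"}),
        # Read-only request needs no token.
        "read_only": request_allowed(secret, sid, "GET", {}, {}),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18s} allowed={verdict}")
```

The token check is the one that actually stops the attack; the origin check is defence in depth for clients that strip the Origin header, and for the JSON-RPC style of WebUI the same token can be sent in a custom request header instead of a form field. Whatever the transport, every endpoint that changes state, including plugin upload and enable, must go through the check; exempting any one of them reopens the hole.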


Affected products
openSUSE Leap 42.2:deluge-1.3.15-3.3.1
openSUSE Leap 42.2:deluge-lang-1.3.15-3.3.1

Description (CVE-2017-9031)

The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.
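The traversal arises when a user-controlled render name is joined to the template directory and opened without checking that the result still lies inside that directory, so a name containing `..` segments (or an absolute path) can read files elsewhere on the host. The following is an added example of the containment check a WebUI render handler needs, not Deluge's own code; the function name `resolve_template`, the `.html` allow-list and the temporary directory layout built by `demo()` are assumptions made for illustration.

```python
import os
import tempfile


def resolve_template(template_dir: str, name: str,
                     allowed_ext=(".html",)):
    """Return the real path of a template inside template_dir, or None.

    The check runs on canonicalised paths, so '..' segments, symlinks and
    absolute names are all resolved before the containment test. Callers
    must pass the already URL-decoded name; deciding on the raw form would
    let '%2e%2e%2f' slip through.
    """
    base = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    try:
        # Containment: the common prefix must be the template directory itself.
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:  # different drives on Windows: cannot be inside
        return None
    if candidate == base:
        return None
    # Only serve files that look like templates, and only existing ones.
    if not candidate.lower().endswith(allowed_ext):
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo() -> dict:
    """Build a constructed directory tree and probe it with typical names."""
    root = tempfile.mkdtemp()
    tdir = os.path.join(root, "templates")
    os.mkdir(tdir)
    with open(os.path.join(tdir, "index.html"), "w") as f:
        f.write("<html>ok</html>")
    # A file outside the template directory that must never be served.
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("do not serve")
    probes = [
        "index.html",                 # legitimate
        "../templates/index.html",    # normalises back inside: still fine
        "../secret.txt",              # classic traversal
        "/etc/passwd",                # absolute path discards the base
        "index.html/../../secret.txt",
        "missing.html",               # inside, but does not exist
    ]
    return {p: resolve_template(tdir, p) is not None for p in probes}


if __name__ == "__main__":
    for name, served in demo().items():
        print(f"{name!r:32s} served={served}")
```

Resolving with `realpath` before comparing is what makes the check robust: a string-level filter for `..` misses encoded, Unicode-normalised or symlinked variants, whereas a canonical-path containment test rejects anything that does not end up under the template directory regardless of how it was spelled.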


Affected products
openSUSE Leap 42.2:deluge-1.3.15-3.3.1
openSUSE Leap 42.2:deluge-lang-1.3.15-3.3.1