Updated qbittorrent packages fix security vulnerability
Publication date: 13 Dec 2019Modification date: 13 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-13640
Description
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed (CVE-2019-13640). The qbittorrent package has been updated to version 4.1.9.1, fixing this issue and several others.
References
SRPMS
7/core
- qbittorrent-4.1.9.1-1.mga7