Advisories » MGASA-2024-0359

Updated qbittorrent packages fix security vulnerabilities

Publication date: 12 Nov 2024
Modification date: 11 Nov 2024
Type: security
Affected Mageia releases : 9

Description

qBittorrent, on all platforms, did not verify any SSL certificates in
its DownloadManager class from 2010 until October 2024.
If it failed to verify a cert, it simply logged an error and proceeded.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33712
• https://www.openwall.com/lists/oss-security/2024/10/30/4
• https://www.openwall.com/lists/oss-security/2024/10/31/3

SRPMS

9/core

• qbittorrent-4.6.7-1.mga9