[Secure-testing-team] Bug#886990: transmission: rpc session-id mechanism design flaw results in RCE
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 12 10:16:10 UTC 2018
Source: transmission
Version: 2.92-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/transmission/transmission/pull/468
Hi
See the post on oss-security for details:
http://www.openwall.com/lists/oss-security/2018/01/11/1
Upstream: https://github.com/transmission/transmission/pull/468
Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
Regards,
Salvatore
More information about the Secure-testing-team
mailing list