Fedora Core 10 FEDORA-2009-6760 (deluge)

The remote host is missing an update to deluge announced via advisory FEDORA-2009-6760.

Update Information: Deluge 1.1.9 contains updated translations and fixes for a move torrent issue (now only happens when the torrent has data downloaded), a folder renaming bug (renaming a parent folder into multiple folders), and an issue with adding a remote torrent in the WebUI. This update also includes all upstream bug-fixes and enhancements in versions 1.1.7 and 1.1.8 (which were skipped in this package). For a full list of these changes, please see the upstream changelog: http://dev.deluge-torrent.org/wiki/ChangeLog In addition, the included copy of rb_libtorrent has been updated to fix a potential directory traversal vulnerability which would allow a remote attacker to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a specially-crafted torrent. ChangeLog: * Wed Jun 17 2009 Peter Gordon - 1.1.9-1 - Update to new upstream bug-fix release (1.1.9), updates internal libtorrent copy to fix CVE-2009-1760 (#505523). - Adds dependency on chardet for fixing lots of bugs with torrents which are not encoded as UTF-8. - Add back the flags, in an optional -flags subpackage as per the new Flags policy (Package_Maintainers_Flags_Policy on the wiki). - Add LICENSE and README to installed documentation.

Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update deluge' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6760