Package name
Advisory ID
Affected versions
2009.1 i586 , 2009.1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in transmission:

Cross-site request forgery (CSRF) vulnerability in Transmission 1.5
before 1.53 and 1.6 before 1.61 allows remote attackers to hijack
the authentication of unspecified victims via unknown vectors

Directory traversal vulnerability in libtransmission/metainfo.c in
Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to
overwrite arbitrary files via a .. (dot dot) in a pathname within a
.torrent file (CVE-2010-0012).

The updated packages have been patched to correct these issues.

Updated packages

2009.1 i586

 0b4b88d4d793c3f7091163838002eb7f  2009.1/i586/transmission-1.51-1.1mdv2009.1.i586.rpm 
 900c75c6bf2f4bf67bf8a29a05f6c9da  2009.1/SRPMS/transmission-1.51-1.1mdv2009.1.src.rpm

2009.1 x86_64

 1d3e815ab686bd4c7643feee30dec820  2009.1/x86_64/transmission-1.51-1.1mdv2009.1.x86_64.rpm 
 900c75c6bf2f4bf67bf8a29a05f6c9da  2009.1/SRPMS/transmission-1.51-1.1mdv2009.1.src.rpm