Your submission was sent successfully! Close

CVE-2010-0012

Published: 8 January 2010

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

Priority

Medium

Status

Package Release Status
transmission
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.06-0ubuntu6.1)
intrepid
Released (1.34-0ubuntu2.3)
jaunty
Released (1.51-0ubuntu3.1)
karmic
Released (1.75-0ubuntu2.2)
upstream
Released (1.77, 1.80beta3)
Patches:
upstream: http://trac.transmissionbt.com/changeset/9829/