FS#57086 : [transmission-cli] "mitigate dns rebinding attacks against daemon #468"

FS#57086 - [transmission-cli] "mitigate dns rebinding attacks against daemon #468"

Attached to Project: Arch Linux
Opened by James (thx1138) - Saturday, 13 January 2018, 16:40 GMT
Last edited by Florian Pritz (bluewind) - Monday, 15 January 2018, 10:02 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Florian Pritz (bluewind) Levente Polyak (anthraxx)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
"mitigate dns rebinding attacks against daemon #468"
https://github.com/transmission/transmission/pull/468

Does this apply to transmission-qt? Or, only to transmission-cli?

This task depends upon

Closed by Florian Pritz (bluewind)
Monday, 15 January 2018, 10:02 GMT
Reason for closing: Fixed
Additional comments about closing: transmission-cli 2.92-8

Comment by Florian Pritz (bluewind) - Sunday, 14 January 2018, 10:23 GMT

The patch doesn't apply at all to the source of 2.92 and I'm not going to backport it. Just set a username/password if you run transmission with a daemon on localhost.

Comment by Levente Polyak (anthraxx) - Sunday, 14 January 2018, 22:51 GMT

security should come as default, not with special knowledge about issues...
It was literally just simple whitespace changes duo to reformatting and new style guidelines of putting return values into separate lines.... nvm here an attached patch that applies:

transmission-daemon-rce-fix.p... (10 KiB)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#57086 - [transmission-cli] "mitigate dns rebinding attacks against daemon #468"

Details

Loading...