FS#57086 - [transmission-cli] "mitigate dns rebinding attacks against daemon #468"

Attached to Project: Arch Linux
Opened by James (thx1138) - Saturday, 13 January 2018, 16:40 GMT
Last edited by Florian Pritz (bluewind) - Monday, 15 January 2018, 10:02 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Florian Pritz (bluewind)
Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
"mitigate dns rebinding attacks against daemon #468"
https://github.com/transmission/transmission/pull/468

Does this apply to transmission-qt? Or, only to transmission-cli?
This task depends upon

Closed by  Florian Pritz (bluewind)
Monday, 15 January 2018, 10:02 GMT
Reason for closing:  Fixed
Additional comments about closing:  transmission-cli 2.92-8
Comment by Florian Pritz (bluewind) - Sunday, 14 January 2018, 10:23 GMT
The patch doesn't apply at all to the source of 2.92 and I'm not going to backport it. Just set a username/password if you run transmission with a daemon on localhost.
Comment by Levente Polyak (anthraxx) - Sunday, 14 January 2018, 22:51 GMT
security should come as default, not with special knowledge about issues...
It was literally just simple whitespace changes duo to reformatting and new style guidelines of putting return values into separate lines.... nvm here an attached patch that applies:

Loading...