Viewing all changes in revision 71.
- Committer: Charles Kerr
- Date: 2012-05-18 16:17:28 UTC
- Revision ID: charles.kerr@canonical.com-20120518161728-hzkkvpy1obxjbzi5
Upstream fix for https://trac.transmissionbt.com/ticket/4894 where the string used to build a multiscrape http request could sometimes not be properly zero terminated.
This can possibly append random memory from transmission to the end of the URI sent to the tracker. So for example this could disclose to the tracker the directory where the user is saving the files. This could be used to guess the user's system username if that path included it (such as, /home/username/Downloads).
This can possibly append random memory from transmission to the end of the URI sent to the tracker. So for example this could disclose to the tracker the directory where the user is saving the files. This could be used to guess the user's system username if that path included it (such as, /home/username/Downloads).
- files modified:
- libtransmission/announcer-http.c
expand all
collapse all
added
removed
