Description of problem: Qbittorrent new version 4.1.8 has been published. Qbittorrent version is 4.1.6 in Mageia 7.1 Version-Release number of selected component (if applicable): Qbittorrent How reproducible: Go to Rpmdrake and check the Qbittorrent version. Qbittorrent version is 4.1.6 in Mageia 7.1 Steps to Reproduce: 1. Go to the official web Qbittorrent: "https://www.qbittorrent.org/news.php" and see the announcement of the new version 4.1.8. 2. Check the Mageia Qbittorrent version. 3. The Qbittorrent version of Mageia is outdated.
Thank you Jose for pointing this out. Assigning to the 'qbittorrent' registered maintainer to judge the matter.
Assignee: bugsquad => matteo.pasotti
Additionally, 4.1.7 fixed a security issue. openSUSE has issued an advisory for this on August 25: https://lists.opensuse.org/opensuse-updates/2019-08/msg00195.html
QA Contact: (none) => securityAssignee: matteo.pasotti => smelrorCC: (none) => matteo.pasottiComponent: RPM Packages => SecuritySummary: Qbittorrent new release update to 4.1.8 => Qbittorrent new release update to 4.1.8 (fixes CVE-2019-13640)Source RPM: Qbittorrent => qbittorrent-4.1.6-1.mga7.src.rpm
Done for mga7 updating to 4.1.9.1.
CC: (none) => geiger.david68210
Advisory: ======================== Updated qbittorrent packages fix security vulnerability: In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed (CVE-2019-13640). The qbittorrent package has been updated to version 4.1.9.1, fixing this issue and several others. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13640 https://www.qbittorrent.org/news.php https://lists.opensuse.org/opensuse-updates/2019-08/msg00195.html ======================== Updated packages in core/updates_testing: ======================== qbittorrent-4.1.9.1-1.mga7 qbittorrent-nox-4.1.9.1-1.mga7 from qbittorrent-4.1.9.1-1.mga7.src.rpm
Assignee: smelror => qa-bugsCC: (none) => smelror
Hi, I've installed the new version 4.1.9 in Mageia 7 Plasma Virtualbox x64. Works fine. The search, download and boot, works without problems. Greetings.
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 4.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Advisory uploaded.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0379.html
Status: NEW => RESOLVEDResolution: (none) => FIXED