Fedora has issued an advisory today (May 20):
The issue is fixed upstream in 3.00.
Fedora backported a patch to 2.94:
Mageia 7 is also affected.
Patch available from Fedora
Done for both Cauldron and mga7!
Updated transmission packages fix security vulnerability:
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows
remote attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted torrent file (CVE-2018-10756).
Updated packages in core/updates_testing:
Patch available from Fedora =>
CheeseEBoi reports that the update worked for him on mageia 7 x64:
<CheeseEBoi> rindolf: hey so I'm trying to see about doing some QA for the rcent transmission updates but I don't have access to the whiteboard of the bug. Am I missing something here?
<rindolf> CheeseEBoi: hi
<rindolf> CheeseEBoi: it may require bugzilla privileges
<CheeseEBoi> rindolf: yeah that's what I thought
<CheeseEBoi> rindolf: but it is still a requirement for graduation, so how do I get them?
<rindolf> CheeseEBoi: we can do it for you
<CheeseEBoi> rindolf: oh okay. So what should I do for that? To give some info, the update installed correctly and I did a test torrent and everything seemed fine.
<rindolf> CheeseEBoi: ah
<rindolf> CheeseEBoi: what is the bug url?
<CheeseEBoi> rindolf: https://bugs.mageia.org/show_bug.cgi?id=26656
<CheeseEBoi> rindolf: I can comment all that info too, I guess
<CheeseEBoi> rindolf: but I cannot add MGA7-64-OK to the whiteboard
Validating. Advisory in Comment 2.
CheesEBoi, we'll see if we can get you those editing privileges. QA needs all the help we can get!
Editing privileges granted for Elliot. Thanks for helping out.
Thank you both!
An update for this issue has been pushed to the Mageia Updates repository.