28970 – libtorrent-rasterbar 1.2.13

Bug 28970 - libtorrent-rasterbar 1.2.13

Summary: libtorrent-rasterbar 1.2.13

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-05-26 19:07 CEST by David Walser
Modified:	2021-06-08 16:34 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	libtorrent-rasterbar-1.2.11-3.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-05-26 19:07:11 CEST

libtorrent-rasterbar 1.2.12 and 1.2.13 have been released on Jan 5 and Mar 28:
https://github.com/arvidn/libtorrent/releases/tag/v1.2.12
https://github.com/arvidn/libtorrent/releases/tag/v1.2.13

They fix a few security-relevant issues (SSRF and overflows).

We should update it for Mageia 8.

Comment 1 David GEIGER 2021-05-26 19:32:26 CEST

Done for mga8!

Comment 2 David Walser 2021-05-26 19:35:18 CEST

Advisory:
----------------------------------------

The libtorrent-rasterbar package has been updated to version 1.2.13, fixing
various bugs.  See the release announcements for details.

References:
https://github.com/arvidn/libtorrent/releases/tag/v1.2.12
https://github.com/arvidn/libtorrent/releases/tag/v1.2.13
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
libtorrent-rasterbar10-1.2.13-1.mga8
python3-libtorrent-rasterbar-1.2.13-1.mga8
libtorrent-rasterbar-devel-1.2.13-1.mga8

from libtorrent-rasterbar-1.2.13-1.mga8.src.rpm

CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs

Comment 3 Thomas Andrews 2021-05-28 22:28:00 CEST

Used "urpmq --whatrequires-recursive" to learn what uses libtorrent-rasterbar, and come up with deluge, a Gtk+ client. So, using a VirtualBox Gnome guest, I installed the 64-bit version of Deluge, which brought in the two non-devel libtorrent-rasterbar rpms as dependencies.

Using qarepo, I updated the two non-devel libtorrent-rasterbar rpms, with no installation issues. Using Firefox, I went to https://www.publicdomaintorrents.info/ and selected the torrent for "Attack of the Giant Leeches" and instructed Firefox to open it with Deluge.

After my OK, Deluge downloaded the file. I looked at various information windows, and all looked normal to me, though (full disclosure) this was the first time I had used the application. When the file finished downloading Deluge starting seeding it. The downloaded file played normally in a video player. (Not the best movie I've ever seen. Maybe I should have selected "Destroy All Planets...")

All perfectly normal, no issues noted. Giving this an OK, and validating. Advisory in Comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update

Aurelien Oudelet 2021-06-05 10:02:13 CEST

Keywords: (none) => advisory
CC: (none) => ouaurelien

Comment 4 Mageia Robot 2021-06-08 16:34:24 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2021-0126.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.