CVE-2009-1760

Publication date 11 June 2009

Last updated 24 July 2024

Ubuntu priority

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libtorrent-rasterbar	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/
https://www.cve.org/CVERecord?id=CVE-2009-1760