Bug 843580 (CVE-2012-4037)

Summary: CVE-2012-4037 transmission: XSS flaw
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: abdulkarimmemon, bct, charles, csonpatki, jspaleta, kumarpraveen.nitdgp, metherid, raghusiddarth, sanjay.ankur
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-01-12 16:40:07 UTC
Bug Depends On: 843581

Description Vincent Danen 2012-07-26 16:49:19 UTC
Transmission 2.61 fixes an XSS flaw when processing maliciously crafted .torrent files.  It is reported to affect version 2.50 as well (currently in Fedora 17 testing), but does not seem to work with 2.42 as tested in Fedora 16.  Recommend upgrading to 2.61 in Fedora 17 and Rawhide.

Comment 1 Vincent Danen 2012-07-26 16:50:01 UTC
Created transmission tracking bugs for this issue

Affects: fedora-17 [bug 843581]

Comment 2 Vincent Danen 2012-07-26 17:24:47 UTC
Forgot to note the report on full-disclosure:

http://seclists.org/fulldisclosure/2012/Jul/348