Multiple security issues were found in qBittorrent and fixed in the latest version.
CVE-2017-6503 - WebUI in qBittorrent before 3.3.11 did not escape many values, which
could potentially lead to XSS.
CVE-2017-6504 - WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options
header, which could potentially lead to clickjacking.
Above you referenced the same commit for both CVE-2017-6503 and CVE-2017-6504. I think the one for CVE-2017-6504 is
can you please update the reference?
(In reply to Salvatore Bonaccorso from comment #1)
> Hi Andrej
> Above you referenced the same commit for both CVE-2017-6503 and
> CVE-2017-6504. I think the one for CVE-2017-6504 is
> can you please update the reference?
Thanks for catching this! I indeed made a mistake and linked to the same patch twice. Fixed now.
Created qbittorrent tracking bugs for this issue:
Affects: epel-7 [bug 1429835]
Affects: fedora-all [bug 1429836]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.