Red Hat Bugzilla – Bug 500278
CVE-2009-1757: transmission needs to be updated to 1.61 or 1.53 to close a CSRF security hole
Last modified: 2009-05-22 12:48:24 EDT
Fedora's version of Transmission should be updated to the new release, which closes a potential CSRF security hole for users who access Transmission via its Web Client.
1.61 is the latest release, and has the fix.
1.53 -- a new maintenance release of the 1.5x series -- also contains the fix.
Both versions were released on May 11 2009.
This is public already via announcement on the upstream page:
Upstream changeset seems to be:
Removing bug visibility restriction. No need to check 'Security Sensitive' for issues that are public already.
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5
before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
Releases download page: