Fedora's version of Transmission should be updated to the new release, which closes a potential CSRF security hole for users who access Transmission via its Web Client. 1.61 is the latest release, and has the fix. 1.53 -- a new maintenance release of the 1.5x series -- also contains the fix. Both versions were released on May 11 2009.
This is public already via announcement on the upstream page:
http://www.transmissionbt.com/

Upstream changesets seem to be:
http://trac.transmissionbt.com/changeset/8358
http://trac.transmissionbt.com/changeset/8378/branches/1.5x

Removing bug visibility restriction. No need to check 'Security Sensitive' for issues that are public already.
CVE-2009-1757: Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Releases download page: http://download.m0k.org/transmission/files/
http://koji.fedoraproject.org/koji/buildinfo?buildID=103155
https://fedorahosted.org/rel-eng/ticket/1868