Mailinglist Archive: opensuse-bugs (4284 mails)

< Previous Next >
[Bug 1039815] New: VUL-1: CVE-2017-9031: deluge: webUI: directory traversal vulnerability
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 18 May 2017 21:23:00 +0000
  • Message-id: <>

Bug ID: 1039815
Summary: VUL-1: CVE-2017-9031: deluge: webUI: directory
traversal vulnerability
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

CVE-2017-9031 was assigned for the following directory traversal issue
in Deluge's WebUI:

Quoting upstream announce:

Highly recommended to upgrade to this release as it contains a
directory traversal security fix that once again has the real
potential to compromise your machine.

The related commit is:

which gives more information about the issue:

[WebUI] Check render template files exist and raise 404 if not
- Check render/* requests match to .html files in the 'render' dir
- Protects against directory (path) traversal

Additional reference:







1.3.13 (42.2, official repo)
1.3.14 (42.3, TW, official repo)

You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
Follow Ups