Debian Security Advisory

DLA-897-1 qbittorrent -- LTS security update

Date Reported: 16 Apr 2017
Affected Packages: qbittorrent
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2017-6503, CVE-2017-6504.
More information:
  • CVE-2017-6503

    WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.

  • CVE-2017-6504

    WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.

For Debian 7 Wheezy, these problems have been fixed in version 2.9.8-1+deb7u1.

We recommend that you upgrade your qbittorrent packages.
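
A post-upgrade check for CVE-2017-6504, as an added example that is not part of the advisory or of qBittorrent's code: it classifies the X-Frame-Options header in a raw HTTP response, such as one saved from the WebUI. The function names and the sample responses are constructed for illustration.

```python
# Added example: classify the X-Frame-Options header of a raw HTTP response.
# The sample responses are constructed; they are not captured from qBittorrent.

def parse_headers(raw):
    """Return {lowercased name: [values]} from the head of a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # ignore the body
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def xfo_status(raw):
    """Return 'missing', 'ok', 'obsolete' or 'invalid' for X-Frame-Options."""
    values = []
    for v in parse_headers(raw).get("x-frame-options", []):
        # Repeated headers may arrive folded into one comma-separated value.
        values += [p.strip().upper() for p in v.split(",") if p.strip()]
    if not values:
        return "missing"      # the condition described in CVE-2017-6504
    distinct = set(values)
    if len(distinct) == 1 and distinct <= {"DENY", "SAMEORIGIN"}:
        return "ok"           # one consistent, recognised value
    if any(v.startswith("ALLOW-FROM") for v in distinct):
        return "obsolete"     # ALLOW-FROM is not honoured by current browsers
    return "invalid"          # unknown or conflicting values: review by hand

# Constructed samples. The first body mentions the header name on purpose,
# to show that only the header section is inspected.
NO_HEADER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             "<p>X-Frame-Options: DENY</p>")
WITH_HEADER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               "x-frame-options: sameorigin\r\n\r\n<html></html>")
ALLOW_FROM = ("HTTP/1.1 200 OK\r\n"
              "X-Frame-Options: ALLOW-FROM https://example.org\r\n\r\n")
CONFLICT = ("HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
            "X-Frame-Options: SAMEORIGIN\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [("no header", NO_HEADER), ("with header", WITH_HEADER),
                       ("allow-from", ALLOW_FROM), ("conflict", CONFLICT)]:
        print(f"{label:12s} -> {xfo_status(raw)}")
```
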

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS