[SECURITY] [DLA 897-1] qbittorrent security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : qbittorrent
Version : 2.9.8-1+deb7u1
CVE ID : CVE-2017-6503 CVE-2017-6504
CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values,
which could potentially lead to XSS.
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options
header, which could potentially lead to clickjacking.
For Debian 7 "Wheezy", these problems have been fixed in version
2.9.8-1+deb7u1.
We recommend that you upgrade your qbittorrent packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJY86XLXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHnogQAKO2T/Bb+oy+g0Lirs1CtWHJ
oH2Z50yT0qXY4WBa7TFPjIX/UDksimscaU+mhaMTa/DzG4UigOKo3ebNiv0BH/IH
dvcSw70FB2NF28SFHl9be9H7WjLHUKWlC8r4sqFGlJ29hHQXnJYiRoa6qZ7Azs4i
pd2T07HdugIiKeZ7JmI8Q/fZmpwjXdkxHWX1E4U9QIEemRrnBhtR32gkBFxZ1jf3
hHVA9+xbV/vsUAQy5yzIgpEw/jlMr4ZkMwr6awyOWl0NgCta9yRbEfm495+0NA3m
Z76zoUM4A3UxQW7vvz+kTp0F+MvABwiUEyOSkVLlBJhyVtYpiuhKIHSKfkV+bWJW
KF4JCzTKxvI2UM9cXas9m5XDEAJBdZq84E3/X42gLZ27wmUh45rmPQvvsr11nsPV
1reTPK9QW2CVVaHvj2laa4W8wmPI0PiVnup2348Mi7DKTzTgdRafne+13xCM4NKh
gonZNkdynKYkodVgdhbyERxAOftcBP97V5xUs9iMGaRoiS8sCLeD9OzZqS5wRsOq
oNbYqJCG4/HfV/rAJhu1fZ4rYDZvW3b4VfMSf+M8BngFfK+ZbxPTnAXjWTrFY6gf
e+XFbWe2FGCsr8t3DJK0Qd5CZSFMui3ACixmdG9Afjd/305H+8cGW2K+SS8CXo2z
nLL0DVKvekM1JK6/aZQ/
=RlXr
-----END PGP SIGNATURE-----
Reply to: