Debian Security Advisory
DSA-1373-2 ktorrent -- directory traversal
- Date Reported: 11 Sep 2007
- Affected Packages: ktorrent
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2007-1799.
- More information:
It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable to a directory traversal bug which potentially allowed remote users to overwrite arbitrary files.
For the old stable distribution (sarge), this package was not present.
For the stable distribution (etch), this problem has been fixed in version 2.0.3+dfsg1-2.2etch1.
For the unstable distribution (sid), this problem has been fixed in version 2.2.1.dfsg.1-1.
We recommend that you upgrade your ktorrent package.
- Fixed in:
Debian GNU/Linux 4.0 alias etch
- Source:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1.dsc
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_arm.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_ia64.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_mipsel.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.