2017-08-24
ALT-BU-2017-3316-1
Branch sisyphus update bulletin.
Package cyrus-imapd updated to version 2.5.11-alt3 for branch sisyphus in task 187404.
Closed bugs
httpd.8.xz из apache2-base-2.4.27 конфликтует с таким же файлом из cyrus-imapd-2.5.9
Package alterator-net-functions updated to version 2.0.2-alt1 for branch sisyphus in task 187409.
Closed bugs
Alterator не принимает DNS-адреса, которые заканчиваются нулём
Package qbittorrent updated to version 3.3.15-alt1 for branch sisyphus in task 187372.
Closed vulnerabilities
Published: 2017-03-06
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
- http://www.securityfocus.com/bid/96758
- https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16
- https://www.qbittorrent.org/news.php
- http://www.securityfocus.com/bid/96758
- https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16
- https://www.qbittorrent.org/news.php
Published: 2017-03-06
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References: