From Mageia wiki
MGASA-2012-0314
Date: | October 29th, 2012 |
Affected releases: | 2 |
Description:
Updated transmission packages fix security vulnerability:
Multiple cross-site scripting (XSS) vulnerabilities in the web client in
Transmission before 2.61 allow remote attackers to inject arbitrary web
script or HTML via the (1) comment, (2) created by, or (3) name field in
a torrent file (CVE-2012-4037).
Updated Packages:
transmission-daemon-2.51-1.2.mga2
transmission-cli-2.51-1.2.mga2
transmission-common-2.51-1.2.mga2
transmission-gtk-2.51-1.2.mga2
transmission-qt4-2.51-1.2.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4037
http://www.ubuntu.com/usn/usn-1584-1/
https://bugs.mageia.org/show_bug.cgi?id=7590