• Bug#1108843: qbittorrent: WebAPI, RSS and search modules security bugs

    From Christian Marillat@21:1/5 to Jonatan Nyberg on Sun Jul 6 07:30:01 2025
    On 06 Jul. 2025 05:35, Jonatan Nyberg <[email protected]> wrote:

    > Package: qbittorrent
    > Version: 5.1.0-1
    > Priority: serious
    > Tags: security
    >
    > Hello,

    Hi,

    > A new version 5.1.2 has been released with important security
    > fixes. It includes security fixes for the WebAPI, RSS and search
    > modules. Please upload it.

    These 'issues' aren't documented in the 5.1.2 Changelog:

    https://github.com/qbittorrent/qBittorrent/blob/release-5.1.2/Changelog

    I see no published security advisories CVE

    Also, Debian security doesn't have any issues related to qbittorrent

    https://www.debian.org/security/

    Christian

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jonatan Nyberg@1:229/2 to All on Sun Jul 6 12:20:02 2025
    From: [email protected]

    Hi,

    How about this?

    - RSS/SEARCH: Prevent opening local files if web page is expected (glassez)

    Never mind if you think there are no problems.

    Regards
    Jonatan

    On 2025-07-06 at 08:20, Christian Marillat wrote:

    > On 06 Jul. 2025 05:35, Jonatan Nyberg <[email protected]> wrote:
    >
    >> Package: qbittorrent
    >> Version: 5.1.0-1
    >> Priority: serious
    >> Tags: security
    >>
    >> Hello,
    >
    > Hi,
    >
    >> A new version 5.1.2 has been released with important security
    >> fixes. It includes security fixes for the WebAPI, RSS and search
    >> modules. Please upload it.
    >
    > These 'issues' aren't documented in the 5.1.2 Changelog:
    >
    > https://github.com/qbittorrent/qBittorrent/blob/release-5.1.2/Changelog
    >
    > I see no published security advisories CVE
    >
    > Also, Debian security doesn't have any issues related to qbittorrent
    >
    > https://www.debian.org/security/
    >
    > Christian

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)