Moderator
|
Bryan Burns of Juniper Networks found 2 security vulnerabilities in KTorrent. These have now been fixed in the 2.1.2 release.
This is just 2.1.1 with these 2 fixes. It would be advisable to upgrade.
Last edited by George on Sun Jun 03, 2007 11:11 am, edited 1 time in total.
|
Moderator
|
Personally I don't think they are that bad.

One is just the fact that we accepted .. in paths of filenames. So you could have multi-file torrents with the following files: ../../foo/bar/avi. That's not really dangerous, and you can easily see that when you get to the file selection dialog. You could overwrite some files, but not system files (provided you are not running as root).

The other is a problem where we accepted "have" messages with bogus chunk indexes. I'm not really convinced that this can be exploited, but I'm no hacker.
Registered Member
|
The first bug is much more concerning than the second (I too am no hacker), but one can more or less brute-force #1 to install .bashrc files with bogus paths... and on a 100-file torrent people will not look through all the files.

In any case, 2.1.2 candidate packages are up for review in Feisty. I am currently cranking out Edgy and Dapper variants of them; expect packages in about 30 minutes.
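The two input checks the posts above describe (rejecting ".." components in multi-file torrent paths so a torrent cannot write outside its download directory, and bounds-checking the chunk index in a peer's "have" message before it is used to index a table) are shown below as an added example. This is not KTorrent's own code; the function and struct names (isSafeTorrentPath, isValidHaveIndex, PeerState) and the sample paths are assumptions constructed for the illustration.

```cpp
// Added example, not KTorrent code: defensive validation of the two inputs
// discussed in the thread, written as free functions so they can be unit tested.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Split a torrent file path on '/' (the separator the metainfo "path" list maps
// to); a backslash is treated as a separator as well, defensively.
static std::vector<std::string> splitPath(const std::string &path) {
    std::vector<std::string> parts;
    std::string cur;
    for (char c : path) {
        if (c == '/' || c == '\\') {
            parts.push_back(cur);
            cur.clear();
        } else {
            cur += c;
        }
    }
    parts.push_back(cur);
    return parts;
}

// Reject any multi-file torrent path that could escape the download directory:
// absolute paths, drive-letter prefixes, "." / ".." components, empty
// components (from "//" or a trailing slash) and embedded NUL bytes.
bool isSafeTorrentPath(const std::string &path) {
    if (path.empty() || path[0] == '/' || path[0] == '\\') return false;
    if (path.find('\0') != std::string::npos) return false;
    if (path.size() >= 2 && path[1] == ':') return false;  // "C:..." style
    for (const std::string &part : splitPath(path)) {
        if (part.empty() || part == "." || part == "..") return false;
    }
    return true;
}

// A "have" message carries a chunk index; it is only usable if it lies within
// the number of chunks this torrent actually has.
bool isValidHaveIndex(uint32_t index, uint32_t numChunks) {
    return index < numChunks;
}

// Simulated per-peer state: onHaveMessage() returns true only when the index
// was accepted and recorded; a bogus index is dropped without touching the
// bitfield, so an out-of-range write cannot happen.
struct PeerState {
    std::vector<bool> have;
    explicit PeerState(uint32_t numChunks) : have(numChunks, false) {}
    bool onHaveMessage(uint32_t index) {
        if (!isValidHaveIndex(index, static_cast<uint32_t>(have.size()))) return false;
        have[index] = true;
        return true;
    }
};

int main() {
    // Constructed sample paths, as they might appear in a multi-file torrent.
    const char *samples[] = {"foo/bar.avi", ".bashrc", "../../foo/bar/avi",
                             "foo/../.bashrc", "/etc/passwd", "foo//bar"};
    for (const char *s : samples) {
        std::printf("%-20s %s\n", s, isSafeTorrentPath(s) ? "accepted" : "rejected");
    }
    PeerState peer(8);  // constructed torrent with 8 chunks
    std::printf("have 7:  %s\n", peer.onHaveMessage(7) ? "accepted" : "rejected");
    std::printf("have 8:  %s\n", peer.onHaveMessage(8) ? "accepted" : "rejected");
    return 0;
}
```

The check operates on the path components as given, before any file is created; a plain hidden file such as ".bashrc" inside the torrent directory is still allowed, since only traversal out of that directory is the problem the thread describes.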
Registered Member
|
Ok, update on the Ubuntu packaging situation:
(1) Kubuntu and Ubuntu leaders are not interested in the 2.1.1 or 2.1.2 bugfix releases being in Feisty, because of the magnitude of changes.
(2) The 2.1.2 security fixes have been backported for every Ubuntu release from Breezy to Feisty! So users are safe in the security sense.
(3) Edgy and Dapper users can use the packages I posted above if they really want a 2.1.2.
(4) Feisty will get 2.1.2 from me when the development slows down a bit (i.e. Beta or RC release).
(5) When Feisty+1's development repositories open (like a week after Feisty's release), I will begin the backporting process of official 2.1.2 packages.