A vulnerability in Deluge might allow remote attackers to execute arbitrary code.
|Package||net-p2p/deluge on all architectures|
|Affected versions||< 1.3.14|
|Unaffected versions||>= 1.3.14|
Deluge is a BitTorrent client.
A CSRF vulnerability was discovered in the web UI of Deluge.
A remote attacker could entice a user currently logged in into Deluge web UI to visit a malicious web page which uses forged requests to make Deluge download and install a Deluge plug-in provided by the attacker. The plug-in can then execute arbitrary code as the user running Deluge.
There is no known workaround at this time.
All Deluge users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-p2p/deluge-1.3.14"
March 28, 2017
March 28, 2017: 1