I forgot to mark this as a security vulnerability as there was a fixed potential Denial of Service vulnerability in the current version of Transmission. Could someone fix that for me?
** This bug has been flagged as a security issue ** Description changed: Binary package hint: transmission The version of Transmission in the default (selected on default ubuntu installation) repositories is version 1.34, which hasn't been updated since September 17, 2008 regardless of the fact that there were several releases since then, a few of which were specifically aimed at the Ubuntu operating system. There is however, a current version .deb package available in the stable transmission repositories. [https://launchpad.net/~transmissionbt/+archive/ppa] This should be copied into the default repositories and distributed as a system update, as many major improvements have been made since version 1.34 -- almost 6 months worth of work! List of changes since current repository version (taken directly from http://www.transmissionbt.com/): In version 1.40: * Tracker communication uses fewer resources * More accurate bandwidth limits * Reduce disk fragmentation by preallocating files * Better stability, security, and performance in the Web UI and RPC server * Support compression when serving Web UI and RPC responses * Simplify the RPC whitelist * Fix bug that prevented handshakes with encrypted BitComet peers * Fix 1.3x bug that could re-download some data unnecessarily * Lazy bitfields * Option to automatically update the blocklist weekly * Added off-hour bandwidth scheduling * Simplify file/priority selection in the details dialog * Fix a couple of crashes * 5 new translations: Australian, Basque, Kurdish, Kurdish (Sorani), Malay * 43 updated translations * The Web Client is now out of beta * Minor display fixes (Web Client) * On iPhone/iPod touch, launching from the home screen hides the address bar (Web Client) In version 1.42 * Better peer management * Support BitTorrent Enhancement Proposal (BEP) #21 "Extension for Partial Seeds" * Partial support for BEP #6 "Fast Extension" (reject, have all/none) * Honor the peer's BEP #10 reqq key, when available * Fix 1.40 "Got HTTP Status Code: 0" error message * Fix 1.40 "lazy bitfield" error * Fix 1.40 "jumpy upload speed" bug * More accurate bandwidth measurement and allocation * Fix handshake peer_id error * Correctly handle Windows-style newlines in Bluetack blocklists * File selection & priority was reset when editing a torrent's tracker list * Fix autoconf/automake build warnings * In the Details dialog's peer tabs, rows were sometimes duplicated * Minor bugfixes, usability changes, and locale improvements * Three new translations: Afrikaans, Asturian, Bosnian * Sixteen updated translations In version 1.50: * IPv6 support for peers, and for trackers with explicit IPv6 addresses * Improved connectivity for encrypted peers * Fix 1.42 error that made tracker announces slower over time * Fix a Mac-centric peer connection bug from 1.41 * Use less CPU cycles when managing very fast peers * Better handling of non-UTF-8 torrent files * When removing local data, only remove data from the torrent * Close potential DoS vulnerability in 1.41 * Many other bugfixes * Various usability improvements * Better Gnome HIG compliance in the statusbar, properties dialog, and more * Torrents can now be added by URL (Web Client) * Add the ability to "remove local data" from the web client And in the current version 1.51: * Fix configure script issues with non-gcc compilers and user-defined CFLAGS environment variables * Decrease CPU usage in some situations * Close a rare race condition on startup * More efficient use of libcurl when curl 7.18.0 or newer is present * Play nicely with Ubuntu's new notification server * Add Pause All and Resume All buttons * Support for Internet Explorer (Web Client) * Layout fixes when viewed on an iPhone/iPod touch (Web Client) + + EDIT: This could also be considered a "Security Vulnerability", as a + potential Denial of Service attack was fixed in a version newer than + that in the repositories. (See Version 1.50) -- latest verson of transmission bittorrent client is not available in the default repositories https://bugs.launchpad.net/bugs/343029 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
