From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [bug#30082] [v2] gnu: transmission: Fix a DNS rebinding vulnerability that allows RCE.
From: Marius Bakke
In-Reply-To: <723dcdea4d11c70e1f7731b3abfdca424a930743.1515713957.git.leo@famulari.name>
References: <139e227515c0e99297951c92d498e3c01f34ccf4.1515712746.git.leo@famulari.name> <723dcdea4d11c70e1f7731b3abfdca424a930743.1515713957.git.leo@famulari.name>
Date: Fri, 12 Jan 2018 00:54:31 +0100
Message-ID: <87a7xkeytk.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
To: Leo Famulari, 30082@debbugs.gnu.org

--=-=-=
Content-Type: text/plain

Leo Famulari writes:

> * gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/bittorrent.scm (transmission)[source]: Use it.

Holy! LGTM, and thanks a lot for this extremely quick fix.
--=-=-=--