Security update for qbittorrent SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0358-1 Final 1 1 2024-11-08T15:01:42Z current 2024-11-08T15:01:42Z 2024-11-08T15:01:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qbittorrent This update for qbittorrent fixes the following issues: - Update to version 5.0.1 (fixes boo#1232731 CVE-2024-51774) Added features: * Add 'Simple pread/pwrite' disk IO type Bug fixes: * Don't ignore SSL errors (boo#1232731 CVE-2024-51774) * Don't try to apply Mark-of-the-Web to nonexistent files * Disable 'Move to trash' option by default * Disable the ability to create torrents with a piece size of 256MiB * Allow to choose Qt style * Always notify user about duplicate torrent * Correctly handle 'torrent finished after move' event * Correctly apply filename filter when `!qB` extension is enabled * Improve color scheme change detection * Fix button state for SSL certificate check Web UI: * Fix CSS that results in hidden torrent list in some browsers * Use proper text color to highlight items in all filter lists * Fix 'rename files' dialog cannot be opened more than once * Fix UI of Advanced Settings to show all settings * Free resources allocated by web session once it is destructed Search: * Import correct libraries Other changes: * Sync flag icons with upstream The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-358 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EAPEFFISOQ6DXWX2VVALFRSBJ6TO56JQ/ E-Mail link for openSUSE-SU-2024:0358-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1232731 SUSE Bug 1232731 https://www.suse.com/security/cve/CVE-2024-51774/ SUSE CVE CVE-2024-51774 page SUSE Package Hub 15 SP6 openSUSE Leap 15.6 qbittorrent-5.0.1-bp156.3.6.1 qbittorrent-nox-5.0.1-bp156.3.6.1 qbittorrent-5.0.1-bp156.3.6.1 as a component of SUSE Package Hub 15 SP6 qbittorrent-nox-5.0.1-bp156.3.6.1 as a component of SUSE Package Hub 15 SP6 qbittorrent-5.0.1-bp156.3.6.1 as a component of openSUSE Leap 15.6 qbittorrent-nox-5.0.1-bp156.3.6.1 as a component of openSUSE Leap 15.6 qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. CVE-2024-51774 SUSE Package Hub 15 SP6:qbittorrent-5.0.1-bp156.3.6.1 SUSE Package Hub 15 SP6:qbittorrent-nox-5.0.1-bp156.3.6.1 openSUSE Leap 15.6:qbittorrent-5.0.1-bp156.3.6.1 openSUSE Leap 15.6:qbittorrent-nox-5.0.1-bp156.3.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EAPEFFISOQ6DXWX2VVALFRSBJ6TO56JQ/ https://www.suse.com/security/cve/CVE-2024-51774.html CVE-2024-51774 https://bugzilla.suse.com/1232731 SUSE Bug 1232731