| Release | Version |
|---|---|
| jessie | 3.1.10-1 |
| stretch | 3.3.7-3+deb9u1 |
| buster | 4.1.5-1+deb10u1 |
| bullseye | 4.2.5-0.1 |
| bookworm | 4.5.2-3+deb12u1 |
| trixie | 5.0.1-1 |
| sid | 5.0.2-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51774 | vulnerable | vulnerable | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | qBittorrent before 5.0.1 proceeds with use of https URLs even after ce ... |
| CVE-2017-6504 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options hea ... |
| CVE-2017-6503 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | WebUI in qBittorrent before 3.3.11 did not escape many values, which c ... |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30801 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | All versions of the qBittorrent client through 4.5.5 use default crede ... |
| Bug | Description |
|---|---|
| CVE-2019-13640 | In qBittorrent before 4.1.7, the function Application::runExternalProg ... |
| CVE-2017-15011 | The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and S ... |
| DSA / DLA | Description |
|---|---|
| DSA-4650-1 | qbittorrent - security update |
| DLA-897-1 | qbittorrent - security update |