The exploit is patched in 2.93, and by a patch by Tavis Ormandy here: https://github.com/transmission/transmission/pull/468
Lots of trackers are banning this version of transmission, please update to latest version.
A commit references this bug:
Date: Wed Feb 28 21:09:37 UTC 2018
New revision: 463262
net-p2p/transmission-cli: Update to 2.93
- Includes DNS rebinding fix
- Fixes OpenSSL 1.1 compat
Note that the previous version was no longer vulnerable as FreeBSD had
patches, but this reports the correct version to trackers as some were
Bernard, sorry I forgot to credit you; I had actually done this work myself and was testing, but you still deserve credit. I'll follow up to the commit email.