Package: amarok
Version: 1.4.4-2
Severity: grave
Tags: patch, security

CVE-2006-6980 says[1]:

"The ruby handlers in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters."

There is an open KDE bug report[2], and SuSE has patched this problem. I'm working on extracting the patches now...

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6979
[2] http://bugs.kde.org/show_bug.cgi?id=138499

-- 
Kees Cook @outflux.net