Bug 166901 - media-sound/amarok: remote exec of arbitrary code from a malicious server
Bug#: 166901
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: falco@gentoo.org
Component: Vulnerabilities
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6979
Summary: media-sound/amarok: remote exec of arbitrary code from a malicious server
Keywords:
Status Whiteboard: C1 or B2 [glsa]
Opened: 2007-02-14 20:37 0000

See http://bugs.kde.org/show_bug.cgi?id=138499 , a malicious or compromised
magnatune server could easily inject arbitrary shell commands on the client,
when the client has registered for buying music.
Thanks to Diego who will push a fixed ebuild.
Default conf + user complicity (B2), or non-default conf and without user
complicity (C1). --> there will be a GLSA
1.4.5-r1 there and ready.
thanks diego :)
hi arches, could you test and mark amarok-1.4.5-r1 stable, please, thanks
is there a preferred version of mongrel to stabilize?
amarok together with libgpod and libmtp x86 stable
and mongrel 1.0 as 1.0.1 is in the tree for only 15 days
I've just added ~ppc64 to 1.4.5-r1 so give it a few days before I mark it
stable.
how would I test the mongrel part of amarok by the way?
*** Bug 167530 has been marked as a duplicate of this bug. ***
amd64 (and a bunch of deps) stable.
GLSA 200703-11, thanks everybody