See http://bugs.kde.org/show_bug.cgi?id=138499 , a malicious or compromised magnatune server could easily inject arbitrary shell commands on the client, when the client has registered for buying music. Thanks to Diego who will push a fixed ebuild.
Default conf + user complicity (B2), or non-default conf and without user complicity (C1). --> there will be a GLSA
1.4.5-r1 there and ready.
thanks diego :) hi arches, could you test and mark amarok-1.4.5-r1 stable, please, thanks
is there a preferred version of mogrel to stablize?
amarok together with libgpod and libmtp x86 stable
and mongrel 1.0 as 1.0.1 is in the tree for only 15 days
sparc stable.
I've just added ~ppc64 to 1.4.5-r1 so give it a few days before I mark it stable. how would I test the mongrel part of amarok by the way?
*** Bug 167530 has been marked as a duplicate of this bug. ***
amd64 (and a bunch of deps) stable.
ppc stable
ppc64 stable
yeah good, glsa then
GLSA 200703-11, thanks everybody