See http://bugs.kde.org/show_bug.cgi?id=138499: a malicious or compromised Magnatune server could easily inject arbitrary shell commands on the client, when the client has registered for buying music.
Thanks to Diego who will push a fixed ebuild.
Default conf + user complicity (B2), or non-default conf and without user complicity (C1). --> there will be a GLSA
1.4.5-r1 there and ready.
thanks Diego :)
hi arches, could you test and mark amarok-1.4.5-r1 stable, please, thanks
is there a preferred version of mongrel to stabilize?
amarok together with libgpod and libmtp x86 stable
and mongrel 1.0 as 1.0.1 is in the tree for only 15 days
I've just added ~ppc64 to 1.4.5-r1 so give it a few days before I mark it stable.
how would I test the mongrel part of amarok by the way?
*** Bug 167530 has been marked as a duplicate of this bug. ***
amd64 (and a bunch of deps) stable.
yeah good, glsa then
GLSA 200703-11, thanks everybody