[Bug 228138] New: CVE-2006-6979: amarok shell escaping issue

Sat Feb 10 08:54:59 UTC 2007

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228138

           Summary: CVE-2006-6979: amarok shell escaping issue
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: amarok
        AssignedTo: gauret at free.fr
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6979

"The ruby handlers in Amarok do not properly quote text in certain contexts,
probably including construction of an unzip command line, which allows attackers
to execute arbitrary commands via shell metacharacters."

Not clear to me which, if any, versions of amarok in FE or upstream are
affected.  The referenced bugs.kde.org entry is open and there are no comments
at the moment.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.