Ubuntu
kdelibs package

Comment 0 for bug 11565

Revision history for this message

In Debian Bug tracker #285128, Joey Hess (joeyh) wrote on 2004-12-10:

Package: konqueror
Version: 3.3.1
Tags: security
Severity: serious

CAN-2004-1165 is about a security hole in konqueror that allows
arbitrary ftp commands to be inserted in a URL via URL-encoded newlines.
Details about this hole are here:
http://marc.theaimsgroup.com/?l=bugtraq&m=110245752232681&w=2

The advisory says that it affects version >= 3.3.1, so perhaps our
3.2.3-1/2.3.3-1 in t-p-u/testing are not vulnerable. I've not checked.

--
see shy jo