Comment 4 for bug 11565

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 10 Dec 2004 14:51:51 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: CAN-2004-1165: FTP command injection bug

Package: konqueror
Version: 3.3.1
Tags: security
Severity: serious

CAN-2004-1165 is about a security hole in konqueror that allows
arbitrary ftp commands to be inserted in a URL via URL-encoded newlines.
Details about this hole are here:
http://marc.theaimsgroup.com/?l=bugtraq&m=110245752232681&w=2

The advisory says that it affects version >= 3.3.1, so perhaps our
3.2.3-1/2.3.3-1 in t-p-u/testing are not vulnerable. I've not checked.

--
see shy jo

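The kind of check this report calls for, as an added example (not part of the original message and not KDE's code): percent-decode a URL component first, then refuse to place it on the FTP control connection if the decoded text contains CR, LF or NUL. The function names are hypothetical and the inputs in the usage are constructed.

```cpp
#include <cctype>
#include <string>

// Percent-decode one URL component into `out`.
// Returns false on a truncated or non-hex escape.
bool percentDecode(const std::string &in, std::string &out) {
    auto hexVal = [](unsigned char c) -> int {
        if (std::isdigit(c)) return c - '0';
        if (std::isxdigit(c)) return std::tolower(c) - 'a' + 10;
        return -1;
    };
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size()) return false;          // truncated escape
        int hi = hexVal(in[i + 1]);
        int lo = hexVal(in[i + 2]);
        if (hi < 0 || lo < 0) return false;            // not hex digits
        out += static_cast<char>(hi * 16 + lo);
        i += 2;
    }
    return true;
}

// An FTP control line ends at CRLF, so the argument itself must not
// contain CR or LF (or NUL) once it has been decoded.
bool safeForControlLine(const std::string &s) {
    for (unsigned char c : s)
        if (c == '\r' || c == '\n' || c == '\0') return false;
    return true;
}

// Build "VERB arg\r\n" from a still-encoded URL component.
// Returns false, leaving `line` empty, if the component must be rejected.
bool ftpCommand(const std::string &verb, const std::string &encodedArg,
                std::string &line) {
    std::string arg;
    line.clear();
    // The check runs on the decoded form: the encoded form has no raw
    // newline, which is why inspecting the URL text alone is not enough.
    if (!percentDecode(encodedArg, arg) || !safeForControlLine(arg))
        return false;
    line = verb + " " + arg + "\r\n";
    return true;
}
```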