Message-ID: <email address hidden>
Date: Fri, 10 Dec 2004 14:51:51 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: CAN-2004-1165: FTP command injection bug

Package: konqueror
Version: 3.3.1
Tags: security
Severity: serious

CAN-2004-1165 is about a security hole in konqueror that allows arbitrary ftp commands to be inserted in a URL via URL-encoded newlines. Details about this hole are here: http://marc.theaimsgroup.com/?l=bugtraq&m=110245752232681&w=2

The advisory says that it affects version >= 3.3.1, so perhaps our 3.2.3-1/2.3.3-1 in t-p-u/testing are not vulnerable. I've not checked.

-- 
see shy jo
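The class of bug reported above, shown from the defensive side as an added example (not Konqueror's code and not part of the original report): an FTP client that percent-decodes URL components must reject decoded control characters before placing them on the control channel, where CRLF terminates each command. The function names, the placeholder host `ftp.example.org` and the default anonymous credentials are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

class UnsafeFtpUrl(ValueError):
    """Raised when a decoded URL component could break FTP command framing."""

def _decoded(component, name):
    # Decode percent-escapes first: the dangerous bytes only exist after decoding.
    value = unquote(component or "")
    for ch in value:
        # Control-channel commands end at CRLF, so reject CR, LF, NUL and every
        # other control character instead of trying to strip or escape them.
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            raise UnsafeFtpUrl(f"control character {ord(ch):#04x} in {name}")
    return value

def ftp_commands_for(url):
    """Return the control-channel lines a client would send to fetch `url`."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise UnsafeFtpUrl("not an ftp URL")
    # Default credentials below are assumed values for the example.
    user = _decoded(parts.username, "user") or "anonymous"
    password = _decoded(parts.password, "password") or "guest@"
    path = _decoded(parts.path, "path")
    return [f"USER {user}\r\n", f"PASS {password}\r\n", f"RETR {path}\r\n"]

def is_safe(url):
    try:
        ftp_commands_for(url)
        return True
    except UnsafeFtpUrl:
        return False

# Constructed sample URLs; NOOP stands in for any extra command.
SAMPLES = [
    "ftp://ftp.example.org/pub/README",
    "ftp://ftp.example.org/pub/file%20name.txt",     # encoded space is fine
    "ftp://ftp.example.org/pub/README%0D%0ANOOP",    # encoded CRLF in the path
    "ftp://user%0Aname@ftp.example.org/pub/README",  # encoded LF in the user name
]

if __name__ == "__main__":
    for u in SAMPLES:
        print("accept" if is_safe(u) else "reject", u)
```

The check runs on every component that ends up in a command (user, password, path), not only the path, because each is decoded and sent as its own line.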