Comment 17 for bug 1483037

Seth Arnold (seth-arnold) wrote :

The clementine patch appears to address the shell injection but does not address UTF-8 crashes nor SQL injections.

The gourmet patch appears to address the SQL injection but does not address the predictable /tmp/ filenames, potential cross-site scripting issues due to use of unquoted HTML, and the preview's localisation is still broken.

The audacious patch appears to address the shell injection -- but Bernd points out that it may not function if multiple tracks are selected -- and does not address the 'database' file descriptor leak.

The gmusicbrowser patch appears to address the shell injection -- but Bernd points out that it may not function if multiple tracks are selected -- and does not address the 'filename' file descriptor leak.

The musique patch appears to address both the shell injection and SQL injection issues. It does not address UTF-8 crashes.

The guayadeque patch appears to address the shell injection and SQL injections -- but Bernd points out that it may not function if multiple tracks are selected. It does not address UTF-8 crashes.

Thanks