* SECURITY UPDATE: Incomplete escaping in filenames allows remote attackers
to conduct argument injection attacks into a command via a crafted
filename. (LP: #396807)
- src/DownloadListCtrl.cpp sanitises the downloaded filenames but does
not escape ticks in filenames correctly.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
- Patch by Sam Hocevar
- CVE-2009-1440
This bug was fixed in the package amule - 2.2.0~svn200802 18-0ubuntu4. 1
--------------- svn20080218- 0ubuntu4. 1) hardy-security; urgency=low
amule (2.2.0~
* SECURITY UPDATE: Incomplete escaping in filenames allows remote attackers tCtrl.cpp sanitises the downloaded filenames but does bugs.debian. org/cgi- bin/bugreport. cgi?bug= 525078
to conduct argument injection attacks into a command via a crafted
filename. (LP: #396807)
- src/DownloadLis
not escape ticks in filenames correctly.
- http://
- Patch by Sam Hocevar
- CVE-2009-1440
-- Andreas Moog <email address hidden> Wed, 08 Jul 2009 02:45:47 +0200