Comment 10 for bug 396807

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package amule - 2.2.0~svn20080218-0ubuntu4.1

---------------
amule (2.2.0~svn20080218-0ubuntu4.1) hardy-security; urgency=low

  * SECURITY UPDATE: Incomplete escaping in filenames allows remote attackers
    to conduct argument injection attacks into a command via a crafted
    filename. (LP: #396807)
    - src/DownloadListCtrl.cpp sanitises the downloaded filenames but does
      not escape ticks in filenames correctly.
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
    - Patch by Sam Hocevar
    - CVE-2009-1440

 -- Andreas Moog <email address hidden> Wed, 08 Jul 2009 02:45:47 +0200
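
The class of flaw named in the changelog, shown as an added illustration that is not aMule's code or the patch itself: wrapping a filename in single quotes without escaping embedded ticks lets one name split into several arguments, while the '\'' idiom keeps it as one. The `viewer` command, the function names and the sample filename are constructed for this example, and POSIX sh quoting rules are assumed.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Constructed sample: a filename containing ticks and an option-like token.
const std::string kSampleName = "clip' --example-option 'x.avi";

// Incomplete: wraps the name in single quotes but leaves embedded ticks alone.
std::string quote_naive(const std::string& s) { return "'" + s + "'"; }

// Complete for POSIX sh: close the quote, emit an escaped tick, reopen (' -> '\'').
std::string quote_posix(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    return out + "'";
}

// Minimal sh-style word splitter: single quotes, backslash outside quotes, blanks.
std::vector<std::string> split_words(const std::string& cmd) {
    std::vector<std::string> words;
    std::string cur;
    bool in_word = false, in_quote = false;
    for (size_t i = 0; i < cmd.size(); ++i) {
        char c = cmd[i];
        if (in_quote) {
            if (c == '\'') in_quote = false; else cur += c;
        } else if (c == '\'') {
            in_quote = true; in_word = true;
        } else if (c == '\\' && i + 1 < cmd.size()) {
            cur += cmd[++i]; in_word = true;
        } else if (c == ' ' || c == '\t') {
            if (in_word) { words.push_back(cur); cur.clear(); in_word = false; }
        } else { cur += c; in_word = true; }
    }
    if (in_word) words.push_back(cur);
    return words;
}

// Argument vector the hypothetical "viewer" command would receive.
std::vector<std::string> argv_for(const std::string& quoted) {
    return split_words("viewer " + quoted);
}

int main() {
    std::cout << "naive: " << argv_for(quote_naive(kSampleName)).size() << " words\n";
    std::cout << "posix: " << argv_for(quote_posix(kSampleName)).size() << " words\n";
}
```

Passing the filename as its own argv element to an exec-style call, with no shell in between, removes the need for quoting altogether.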