[Bug 396807] Re: Security issue allows code execution, CVE-2009-1440
Launchpad Bug Tracker
396807 at bugs.launchpad.net
Wed Jul 8 18:04:49 UTC 2009
This bug was fixed in the package amule - 2.2.2-1ubuntu1.1
---------------
amule (2.2.2-1ubuntu1.1) intrepid-security; urgency=low
* SECURITY UPDATE: Incomplete escaping in filenames allows remote attackers
to conduct argument injection attacks into a command via a crafted
filename. (LP: #396807)
- src/DownloadListCtrl.cpp sanitises the downloaded filenames but does
not escape ticks in filenames correctly.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
- Patch by Sam Hocevar
- CVE-2009-1440
-- Andreas Moog <amoog at ubuntu.com> Wed, 08 Jul 2009 02:36:12 +0200
** Changed in: amule (Ubuntu Jaunty)
Status: Fix Committed => Fix Released
--
Security issue allows code execution, CVE-2009-1440
https://bugs.launchpad.net/bugs/396807
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list