[Pkg-kde-extras] Bug#439837: CVE-2007-4400: CRLF injection vulnerability
Stefan Fritsch
sf at sfritsch.de
Mon Aug 27 20:24:16 UTC 2007
Package: konversation
Version: 1.0.1-1
Severity: minor
Tags: security
A vulnerability has been found in conversation. From CVE-2007-4400:
"CRLF injection vulnerability in the included media script in
Konversation allows user-assisted remote attackers to execute
arbitrary IRC commands via CRLF sequences in the name of the song in a
.mp3 file."
Severity minor since the attack vector is rather obscure.
Please mention the CVE id in the changelog.
More information about the pkg-kde-extras
mailing list