[Pkg-kde-extras] Bug#439837: CVE-2007-4400: CRLF injection vulnerability

Stefan Fritsch sf at sfritsch.de
Mon Aug 27 20:24:16 UTC 2007

Package: konversation
Version: 1.0.1-1
Severity: minor
Tags: security

A vulnerability has been found in conversation. From CVE-2007-4400:

"CRLF injection vulnerability in the included media script in
Konversation allows user-assisted remote attackers to execute
arbitrary IRC commands via CRLF sequences in the name of the song in a
.mp3 file."

Severity minor since the attack vector is rather obscure.

Please mention the CVE id in the changelog.

More information about the pkg-kde-extras mailing list