Ubuntu
amarok package

  1. Bug #257993
  2. Comment #7

Comment 7 for bug 257993

Revision history for this message
Nicola Ferralis (feranick) wrote :

AmaroK in the dell-mini custom repos is still in version 2:1.4.9.1-0ubuntu3 which is affected by a security vulnerability. A patch is already available in mainstream hardy-updates. Thus, this packaged should be ported in the dell-mini repos.

Changelog:

amarok (2:1.4.9.1-0ubuntu3.1) hardy-security; urgency=low

  * SECURITY UPDATE: Insecure creation of magnatune temp files
  * Added kubuntu_99_security_mangatune_file_creator.diff patching
    amarok/src/magnatunebrowser/magnatunebrowser.cpp and
    amarok/src/magnatunebrowser/magnatunebrowser.h. Creates temp files
    correctly. From upstream.
  * References
    http://secunia.com/advisories/31418/
    http://www.securityfocus.com/bid/30662
    http://websvn.kde.org/?view=rev&revision=846626
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765
    CVE-2008-3699