Comment 12 for bug 396807

This bug was fixed in the package amule - 2.2.4-1ubuntu1.1

---------------
amule (2.2.4-1ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Incomplete escaping in filenames allows remote attackers
    to conduct argument injection attacks into a command via a crafted
    filename. (LP: #396807)
    - src/DownloadListCtrl.cpp sanitises the downloaded filenames but does
      not escape ticks in filenames correctly.
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
    - Patch by Sam Hocevar
    - CVE-2009-1440

 -- Andreas Moog <email address hidden> Wed, 08 Jul 2009 01:59:01 +0200