oem-qa team mailing list archive

Thread
Date

[Bug 257993] Re: [CVE-2008-3699] Insecure creation of magnatune temp files

To: oem-qa@xxxxxxxxxxxxxxxxxxx
From: feranick <feranick@xxxxxxxxxxx>
Date: Wed, 08 Apr 2009 07:34:38 -0000
Reply-to: Bug 257993 <257993@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

KDE has been updated to 3.5.10 in ubuntu-mini but amarok is still in the
old version unpatched 1.4.9.1-0ubuntu3, based on KDE 3.5.9.

-- 
[CVE-2008-3699] Insecure creation of magnatune temp files
https://bugs.launchpad.net/bugs/257993
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in The Amarok Music Player: Fix Released
Status in Dell Inspiron Mini with Custom Dell UI: Confirmed
Status in “amarok” source package in Ubuntu: Fix Released
Status in amarok in Ubuntu Gutsy: Fix Released
Status in amarok in Ubuntu Hardy: Fix Released

Bug description:
A vulnerability was found in the creation of magnatune temporary files in amarok. A patch was made available from upstream. (Released with amarok 1.4.10)

References
    http://secunia.com/advisories/31418/
    http://www.securityfocus.com/bid/30662
    http://websvn.kde.org/?view=rev&revision=846626
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765

Uploading a debdiff for hardy-security shortly.