CVE-2006-6979

Name: CVE-2006-6979
Description: The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 410850

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| amarok (PTS) | jessie | 2.8.0-2.1 | fixed |
| amarok (PTS) | stretch | 2.8.0-8 | fixed |
| amarok (PTS) | sid, trixie | 3.1.1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| amarok | source | sarge | (not affected) | | | |
| amarok | source | (unstable) | 1.4.4-1 | low | | 410850 |

Notes

[sarge] - amarok <not-affected> (Vulnerable code not present)
