PublicDate: 2007-08-18 21:17:00 UTC
Candidate: CVE-2007-4400
References:
 http://svn.debian.org/wsvn/pkg-kde/kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff?op=file&rev=0&sc=0
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4400
Description:
 CRLF injection vulnerability in the included media script in Konversation
 allows user-assisted remote attackers to execute arbitrary IRC commands via
 CRLF sequences in the name of the song in a .mp3 file.
Ubuntu-Description:
Notes:
 kees> requires a malicious MP3 get played while id3 display plugin is running
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

upstream_konversation: needs-triage
Patches_konversation:
 vendor: http://svn.debian.org/wsvn/pkg-kde/kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff?op=file&rev=0&sc=0
dapper_konversation: ignored (reached end-of-life)
edgy_konversation: needed (reached end-of-life)
feisty_konversation: needed (reached end-of-life)
gutsy_konversation: released (1.0.1-4ubuntu1)
hardy_konversation: released (1.0.1-4ubuntu1)
intrepid_konversation: released (1.0.1-4ubuntu1)
jaunty_konversation: released (1.0.1-4ubuntu1)
devel_konversation: released (1.0.1-4ubuntu1)