You are not logged in.

#1 2008-09-12 23:29:39

forkboy
Member
From: Blackpool, England
Registered: 2005-09-03
Posts: 74

amarok security bug

I see that amarok-base and amarok-engine-xine have been flaged out of date a while ago, I've tried using abs to compile 1.4.10 but the compile fails, I'm just a little concerned about this bug http://cve.mitre.org/cgi-bin/cvename.cg … -2008-3699

Offline

#2 2008-09-13 02:17:50

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: amarok security bug

You should probably file a bug report... The package isn't just out of date now if it's also got a security vulnerability.

Edit: although that doesn't look too huge to me, it isn't a remote vulnerability... After all, someone with local access to your computer already has the ability to screw it up in many ways, no?

Last edited by Gullible Jones (2008-09-13 02:20:18)

Offline

#3 2008-09-14 01:29:50

warlord
Member
Registered: 2007-07-04
Posts: 58

Re: amarok security bug

Amarok 1.4.10 pkgbuild from abs fails, but I found the latest version at tanis kde3 repo.
There is not a pkgbuild, only the 2 packages.

http://csclub.uwaterloo.ca/~jkschmid/arch/kde3/x86_64

BTW, why is amarok unflagged out of date???

Offline

#4 2008-09-14 02:21:11

Allan
Developer
From: Brisbane, AU
Registered: 2007-06-09
Posts: 9,939
Website

Re: amarok security bug

There was a bug with the web interface.  Flag them out of date again and file a bug report about the security vulnerability.

Offline

#5 2008-09-14 13:33:33

warlord
Member
Registered: 2007-07-04
Posts: 58

Re: amarok security bug

Done...

Offline

#6 2008-09-14 19:45:00

forkboy
Member
From: Blackpool, England
Registered: 2005-09-03
Posts: 74

Re: amarok security bug

warlord wrote:

Done...

Whats the bug number? I can't find it...

Offline

#7 2008-09-14 20:01:29

warlord
Member
Registered: 2007-07-04
Posts: 58

Re: amarok security bug

I mean I flagged the packages out of date. tongue

Anyway, I just filled and the bug report

http://bugs.archlinux.org/task/11483

Last edited by warlord (2008-09-14 20:05:11)

Offline

#8 2008-09-14 20:23:16

forkboy
Member
From: Blackpool, England
Registered: 2005-09-03
Posts: 74

Re: amarok security bug

OK, I have flagged the i686 packages too.

Offline

#9 2008-09-28 18:54:04

BKJ
Member
Registered: 2008-09-19
Posts: 71

Re: amarok security bug

FYI... Looks as though the package has been updated and is out in the repos....  This security bug should now be fixed in the new version.

Offline

#10 2008-09-28 18:55:28

warlord
Member
Registered: 2007-07-04
Posts: 58

Re: amarok security bug

Yes, the bug report I opened was closed this morning.

Offline

Board footer

Powered by FluxBB