The clementine patch appears to address the shell injection but does not address UTF-8 crashes nor SQL injections.

The gourmet patch appears to address the SQL injection but does not address the predictable /tmp/ filenames, potential cross-site scripting issues due to use of unquoted HTML, and the preview's localisation is still broken.

The audacious patch appears to address the shell injection -- but Bernd points out that it may not function if multiple tracks are selected -- and does not address the 'database' file descriptor leak.

The gmusicbrowser patch appears to address the shell injection -- but Bernd points out that it may not function if multiple tracks are selected -- and does not address the 'filename' file descriptor leak.

The musique patch appears to address both the shell injection and SQL injection issues. It does not address UTF-8 crashes.

The guayadeque patch appears to address the shell injection and SQL injections -- but Bernd points out that it may not function if multiple tracks are selected. It does not address UTF-8 crashes.

Thanks

https://bugs.launchpad.net/bugs/1483037
Title: Possible Shell Command Injection in daemon