A vulnerability in pidgin-knotify might allow remote attackers to execute arbitrary code.
|Package|x11-plugins/pidgin-knotify on all architectures|
|Affected versions|<= 0.2.1|
pidgin-knotify is a Pidgin plug-in to display message notifications in KDE.
pidgin-knotify does not properly sanitize shell metacharacters from received messages.
A remote attacker could send a specially crafted instant message, possibly resulting in execution of arbitrary code with the privileges of the Pidgin process.
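For this class of bug (message text reaching a shell command line), the usual hardening is to pass the text as one argv element so that no shell parses it. The sketch below is an added example, not pidgin-knotify's code, which this advisory does not show. It assumes a POSIX system; `run_with_argv`, the `notifier` name in the comment and the use of `printf` as a stand-in for a notification helper are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern to avoid (comment only): message text pasted into shell source.
 *   snprintf(cmd, sizeof cmd, "notifier \"%s\"", msg); system(cmd);      */
/* Hypothetical helper: run `printf %s <msg>` (stand-in for a notifier) with
 * msg as a single argv element, so no shell ever parses it. The child's
 * stdout is captured in out; returns bytes captured, or -1 on failure. */
ssize_t run_with_argv(const char *msg, char *out, size_t outsz)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    if (outsz == 0 || pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                      /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        char *const argv[] = { "printf", "%s", (char *)msg, NULL };
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    close(fds[1]);
    while (used < outsz - 1 && (n = read(fds[0], out + used, outsz - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status))
        return -1;
    return (ssize_t)used;
}

int main(void)
{
    char buf[256];
    const char *msg = "hi $(id) `id`; echo \"x\" | cat 'y'"; /* constructed sample */
    ssize_t n = run_with_argv(msg, buf, sizeof buf);
    printf("%zd bytes, literal copy: %s\n", n, n >= 0 && !strcmp(buf, msg) ? "yes" : "no");
    return n < 0;
}
```

The child receives the metacharacters as ordinary bytes, so its output is an exact copy of the message.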
There is no known workaround at this time.
Gentoo has discontinued support for pidgin-knotify. We recommend that users unmerge pidgin-knotify:
# emerge --unmerge "x11-plugins/pidgin-knotify"
February 26, 2014
February 26, 2014: 1