Red Hat Bugzilla – Bug 1759
/usr/bin/play is a shell script which can be exploited via mime types
Last modified: 2008-05-01 11:37:49 EDT
/usr/bin/play doesn't properly quote its arguments, and when
fed a properly crafted 'audio file', could do some nasty
things to your system as the user it is being run as.
assigned to mike
This problem is fixed and in the tree.