Description: Fix multiple CRLF injection vulnerabilities in "now playing" scripts Forwarded: not-needed Author: Wouter Coekaerts Last-Update: 2016-02-29 --- a/scripts/xmms.pl +++ b/scripts/xmms.pl @@ -139,6 +139,9 @@ Example: /set xmms_format_time %%m minut $format =~ s/\%$_/$fs{$_}/g; } + # remove newline characters + $format =~ s/[\r\n]/ /g; + # sending it. if ($server && $server->{connected} && $witem && ($witem->{type} eq "CHANNEL" || $witem->{type} eq "QUERY")) {
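Review bot: The comment on the added `$format =~ s/[\r\n]/ /g;` says only "remove newline characters" and gives no reason, so a later cleanup could move or drop the line as cosmetic. Suggest wording it along the lines of "strip CR/LF so expanded values cannot inject extra lines into what is sent", since the description names CRLF injection and the filter runs on `$format` after the `s/\%$_/$fs{$_}/g` expansion. The placement itself, after that expansion and before the `# sending it.` block, is right because it covers both the format string and the substituted `$fs{...}` values in one pass. Minor style point: `[\r\n]+` would turn a CRLF pair into one space rather than two.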