pidgin-knotify: Arbitrary code execution

A vulnerability in pidgin-knotify might allow remote attackers to execute arbitrary code.

pidgin-knotify 2014-02-26 2014-02-26 336916 remote 0.2.1

pidgin-knotify is a Pidgin plug-in to display message notifications in KDE.

pidgin-knotify does not properly sanitize shell metacharacters from received messages.

A remote attacker could send a specially crafted instant message, possibly resulting in execution of arbitrary code with the privileges of the Pidgin process.
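The advisory does not say how the plug-in invokes its notifier. The example below is added here, is not code from pidgin-knotify, and assumes the notification is delivered by running an external program: it passes the message text as a single argv element via fork/execlp, so no shell ever interprets it (unlike a formatted string handed to system() or popen()). The helper `run_with_arg`, the sample message, and `printf` standing in for the notifier are all hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample: a received message full of shell metacharacters. */
static const char SAMPLE_MSG[] = "hi `date` $(echo x); echo y | cat &";

/* Hypothetical helper (not pidgin-knotify code): run `prog fmt text` without
 * a shell and capture its stdout. Returns the exit status, or -1 on error. */
int run_with_arg(const char *prog, const char *fmt, const char *text,
                 char *out, size_t outsz)
{
    int fds[2], status;
    size_t n = 0;
    ssize_t r;
    if (outsz == 0 || pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: text is exactly one argv element; no shell parses it. */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execlp(prog, prog, fmt, text, (char *)NULL);
        _exit(127); /* exec failed */
    }
    close(fds[1]);
    while (n < outsz - 1 && (r = read(fds[0], out + n, outsz - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char out[128];
    int rc = run_with_arg("printf", "%s", SAMPLE_MSG, out, sizeof out);
    printf("exit=%d, notifier received: %s\n", rc, out);
    return (rc == 0 && strcmp(out, SAMPLE_MSG) == 0) ? 0 : 1;
}
```

The child receives the backticks, `$(...)`, `;`, `|` and `&` as literal bytes, which is the property the vulnerable plug-in lacks.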

There is no known workaround at this time.

Gentoo has discontinued support for pidgin-knotify. We recommend that users unmerge pidgin-knotify:

# emerge --unmerge "x11-plugins/pidgin-knotify"

CVE-2010-3088

ackle ackle