Bug#513513: CVE-2009-0314: Untrusted search path vulnerability
Steffen Joeris
steffen.joeris at skolelinux.de
Thu Jan 29 18:39:57 UTC 2009
Package: gedit
Severity: important
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gedit.
CVE-2009-0314[0]:
| Untrusted search path vulnerability in the Python module in gedit
| allows local users to execute arbitrary code via a Trojan horse Python
| file in the current working directory, related to a vulnerability in
| the PySys_SetArgv function (CVE-2008-5983).
There is more information in the Red Hat bug report[1], including a
patch[2].
For stable, this issue could be fixed via stable-proposed-updates. It
seems that the vulnerable function is gedit_python_module_init_python().
For lenny, it could be fixed via migration from unstable.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0314
http://security-tracker.debian.net/tracker/CVE-2009-0314
[1] https://bugzilla.redhat.com/show_bug.cgi?id=481556
[2] https://bugzilla.redhat.com/attachment.cgi?id=330031
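
An added example (not part of the original report or of the referenced patch): a Python check for the condition the CVE describes. It relies on the documented behaviour that PySys_SetArgv prepends an empty string to sys.path when argv[0] is not a script path, which makes the current working directory the first import location; the sample path list, the directory contents and all function names are constructed for illustration.

```python
import os
import sys
import tempfile

# Constructed sample: a sys.path as an embedding application might see it.
SAMPLE_PATH = ["", "/usr/lib/python-example", "plugins", "/opt/example-app/plugins"]


def cwd_dependent_entries(path_entries):
    """Return (index, entry) pairs that the import system resolves against
    the current working directory: the empty string and any relative path."""
    return [(i, e) for i, e in enumerate(path_entries)
            if e == "" or not os.path.isabs(e)]


def hardened_path(path_entries):
    """Return a copy of path_entries without the cwd-dependent entries."""
    flagged = {i for i, _ in cwd_dependent_entries(path_entries)}
    return [e for i, e in enumerate(path_entries) if i not in flagged]


def shadowing_files(directory, imported_names):
    """List .py/.pyc files and packages in `directory` whose names match a
    module the application imports, i.e. what a cwd-first search would load."""
    hits = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        stem, ext = os.path.splitext(name)
        if os.path.isfile(full) and ext in (".py", ".pyc") and stem in imported_names:
            hits.append(name)
        elif os.path.isfile(os.path.join(full, "__init__.py")) and name in imported_names:
            hits.append(name)
    return hits


def demo():
    """Build a constructed working directory and report what would shadow."""
    with tempfile.TemporaryDirectory() as cwd:
        for fname in ("gettext.py", "notes.txt", "README"):
            open(os.path.join(cwd, fname), "w").close()
        return shadowing_files(cwd, {"os", "gettext"})


if __name__ == "__main__":
    print("cwd-dependent entries in this interpreter:", cwd_dependent_entries(sys.path))
    print("sample, flagged:", cwd_dependent_entries(SAMPLE_PATH))
    print("sample, hardened:", hardened_path(SAMPLE_PATH))
    print("would shadow imports:", demo())
```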