Bug#639243: CVE-2011-2899: remote arbitrary code execution

Guido Günther agx at sigxcpu.org
Wed Sep 14 13:28:17 UTC 2011


On Fri, Sep 02, 2011 at 11:52:02PM +0200, Guido Günther wrote:
> On Thu, Aug 25, 2011 at 12:22:04PM +0200, Josselin Mouette wrote:
> > Package: system-config-printer
> > Version: 1.2.3-3
> > Severity: grave
> > Tags: security squeeze
> > 
> > See https://bugzilla.redhat.com/show_bug.cgi?id=728348
> > 
> > The pysmb.py module in system-config-printer is vulnerable to a remote
> > security vulnerability.
> 
> I had a short look at the code now.
> 
> From what I see the version in squeeze uses smbc instead of invoking
> nmblookup/smbclient directly. There's a leftover nmblookup in
> troubleshoot/CheckPrinterSanity.py though but this only gets input from
> the troubleshoot dialog.

Lenny should be fixed by this patch. I'd appreciate any review.
Cheers,
 -- Guido
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Use-subprocess.Popen-with-shell-False.patch
Type: text/x-diff
Size: 5714 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20110914/df141465/attachment.patch>
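
The class of change named in the attachment title (subprocess.Popen with shell=False), as an added example that is not the attached patch and not system-config-printer code. Assumptions: `echo` stands in for nmblookup/smbclient so it runs offline, the function names are hypothetical, and the name allowlist is an extra check not taken from the patch.

```python
import re
import subprocess

# Stand-in for nmblookup/smbclient so the example runs offline (assumption):
# echo simply prints the arguments it received.
TOOL = "echo"

# Conservative allowlist for a NetBIOS-style name (assumption, not from the
# patch): 1-15 characters, never starting with "-", so the value cannot be
# read as a command-line option by the tool.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,14}")


def lookup_via_shell(name):
    """'Before' pattern: the name is pasted into a string that /bin/sh parses."""
    proc = subprocess.Popen("%s -A %s" % (TOOL, name), shell=True,
                            stdout=subprocess.PIPE, universal_newlines=True)
    return proc.communicate()[0].splitlines()


def lookup_via_argv(name):
    """'After' pattern: shell=False, the name is exactly one argv element."""
    proc = subprocess.Popen([TOOL, "-A", name], shell=False,
                            stdout=subprocess.PIPE, universal_newlines=True)
    return proc.communicate()[0].splitlines()


def lookup_checked(name):
    """shell=False plus validation; raises ValueError if the allowlist fails."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected name: %r" % name)
    return lookup_via_argv(name)


if __name__ == "__main__":
    sample = "PRINTSRV; echo INJECTED"    # constructed sample input
    print(lookup_via_shell(sample))       # two lines: the shell split the string
    print(lookup_via_argv(sample))        # one line: the name stayed one argument
    print(lookup_checked("PRINTSRV"))
```

shell=False removes shell parsing of the name, but a value beginning with "-" would still reach the tool as an option, which is why the checked variant validates before calling.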

