569648 – (CVE-2015-0855) <media-video/pitivi-0.95: Insecure use of os.system() (CVE-2015-0855)

Bug 569648 (CVE-2015-0855) - <media-video/pitivi-0.95: Insecure use of os.system() (CVE-2015-0855)

Summary: <media-video/pitivi-0.95: Insecure use of os.system() (CVE-2015-0855)

Status:	RESOLVED FIXED

Alias:	CVE-2015-0855

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:	~2 [noglsa/cve]
Keywords:

Depends on:
Blocks:

Reported:	2015-12-24 18:56 UTC by Agostino Sarubbo
Modified:	2015-12-28 16:08 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-12-24 18:56:06 UTC

From ${URL} :

>                 Double-clicking a file in the user's media library with
>                 a specially-crafted path or filename allows for
>                 arbitrary code execution with the permissions of the
>                 user running Pitivi.

This issue was fixed upstream in 0.95 with commit
45a4c84edb3b4343f199bba1c65502e3f49f5bb2[1].

1] https://git.gnome.org/browse/pitivi/commit/?id=45a4c84edb3b4343f199bba1c65502e3f49f5bb2



@maintainer(s): since the fixed version is already in the tree, please remove the affected versions.

Comment 1 Gilles Dartiguelongue (RETIRED) gentoo-dev

2015-12-27 17:15:01 UTC

pitivi < 0.95 cleaned up.

Comment 2 Agostino Sarubbo gentoo-dev

2015-12-28 16:08:42 UTC

closing as noglsa