Summary: | nautilus-python Untrusted search path vulnerability (CVE-2009-0317) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Current packages | Assignee: | Christian Faulhammer (RETIRED) <fauli> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gnome, rbu |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=481570 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 256619 | ||
Bug Blocks: | 78021 |
Description
Stefan Behte (RETIRED)
2009-01-30 22:55:16 UTC
I am not sure whether this bug is being tracked upstream. Please see the blocker for details and a patch example. hum actually we don't ship nautilus-python. It is a separate package from nautilus and is tracked at bug #78021 Fauli, I'll reassign this bug to you as you seem to sponsor inclusion of nautilus-python in the tree. Security is not tracking bugs for ebuilds in overlays, but you need to make sure this bug is fixed before tree inclusion. Thanks! Gnome, I'm keeping you in cc, feel free to remove yourself. https://bugzilla.redhat.com/show_bug.cgi?id=481570 suggests http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=pythonpath.diff;att=1;bug=504251 as fix, which is for dia, so I have to investigate. Thanks for your notice. Well, the fix is "along those lines", but the patch won't directly apply. A fix is in the overlay, provided by Mark Lee (the official overlay maintainer) and is pushed upstream. |