CVE-2008-1568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1568): comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
See also here for an upstream comment: https://bugzilla.redhat.com/show_bug.cgi?id=430635#c1 Quoting Tomas Hoger: Additionally, comix seems to use Python's tarfile module to extract tar archives. This module has known directory traversal issues (CVE-2007-4559), which were never fixed upstream. A tar archive with malicious content can be used to overwrite arbitrary files writable by the user running comix.
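Added example (not code from comix or from the Fedora patches): the two defensive checks the reports above call for, written in Python since that is what comix is written in. `unsafe_members`/`safe_extract` reject tarfile members that would land or link outside the destination, and `unrar_argv` builds the unrar command line as an argv list instead of a shell string; function names are mine, and the `unrar x <archive> <dest>` argument order is assumed here.

```python
import io
import os
import tarfile

def is_within(base, target):
    """True if target resolves to base itself or to a path below it."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def unsafe_members(archive, dest):
    """Members that would write or link outside dest (the CVE-2007-4559
    class: '../' or absolute names, links whose target escapes dest)."""
    bad = []
    for m in archive.getmembers():
        target = os.path.join(dest, m.name)  # an absolute m.name discards dest
        if not is_within(dest, target):
            bad.append(m.name)
        elif m.issym() or m.islnk():
            # symlink targets are relative to the member's dir, hardlinks to dest
            link_base = os.path.dirname(target) if m.issym() else dest
            if not is_within(dest, os.path.join(link_base, m.linkname)):
                bad.append(m.name)
    return bad

def safe_extract(archive, dest):
    """Refuse the whole archive if any member escapes, else extract it
    and return the extracted member names."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError("refusing to extract, traversal in: %r" % bad)
    archive.extractall(dest)
    return [m.name for m in archive.getmembers()]

def unrar_argv(filename, dest):
    """Hypothetical helper: argv list for subprocess.run(argv, check=True).
    No shell parses it, so metacharacters in filename stay inert (unlike
    os.system("unrar x %s" % filename)); abspath also keeps a leading '-'
    from being read as a switch."""
    return ["unrar", "x", os.path.abspath(filename), dest]

def build_tar(members):
    """Constructed in-memory tar for the demo; members maps name -> bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```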
I grabbed two patches from Fedora ( http://cvs.fedora.redhat.com/viewcvs/rpms/comix/F-8/ ) and added media-gfx/comix-3.6.4-r1 to the tree. This will hopefully fix this problem.
Looks good, thank you. Arches, please test and mark stable: =media-gfx/comix-3.6.4-r1 Target keywords: "amd64 ppc release x86"
x86 stable
amd64 stable
ppc stable
Fixed in release snapshot.
GLSA request filed.
CVE-2008-1796 has been assigned to the tempfile issue, which was fixed with the other patch.
GLSA 200804-29