CVE-2008-5985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5985): Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
I am not sure whether this bug is being tracked upstream. Please see the blocker for details and a patch example.
Debian patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=sanitize_sys.path.diff;att=1;bug=504363
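Added example, not taken from the Debian patch or from Epiphany: a Python sketch of the search-path problem the CVE describes and of sanitizing the path before extensions are imported. It relies on the documented PySys_SetArgv behaviour of prepending an empty string to sys.path when argv[0] does not name a script; the module name, directories and path list are constructed for the demonstration.

```python
import os
import tempfile
from importlib.machinery import PathFinder


def follows_cwd(entry):
    """'' and relative entries are resolved against the process's cwd."""
    return entry == "" or not os.path.isabs(entry)


def sanitize_search_path(path):
    """Return the search path without entries that follow the cwd."""
    return [entry for entry in path if not follows_cwd(entry)]


def resolved_dir(name, path):
    """Directory a module would be loaded from, without importing it."""
    spec = PathFinder.find_spec(name, path)
    if spec is None or spec.origin is None:
        return None
    return os.path.dirname(os.path.realpath(spec.origin))


def demo():
    name = "constructed_ext_helper"  # constructed module name
    with tempfile.TemporaryDirectory() as cwd_dir, \
            tempfile.TemporaryDirectory() as app_dir:
        # The same module name exists in the cwd and in the application dir.
        for directory in (cwd_dir, app_dir):
            with open(os.path.join(directory, name + ".py"), "w") as fh:
                fh.write("pass\n")
        old_cwd = os.getcwd()
        os.chdir(cwd_dir)  # application started from an untrusted directory
        try:
            # Assumed sys.path of the embedded interpreter: '' comes first.
            embedded = ["", app_dir]
            before = resolved_dir(name, embedded)
            after = resolved_dir(name, sanitize_search_path(embedded))
        finally:
            os.chdir(old_cwd)
        # (cwd copy wins before sanitizing, application copy wins after)
        return (before == os.path.realpath(cwd_dir),
                after == os.path.realpath(app_dir))


if __name__ == "__main__":
    print(demo())
```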
2.22.3-r2 and 2.22.3-r12 are in the tree.
Arches, please test and mark stable:
=www-client/epiphany-2.22.3-r2
Target keywords: "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Sparc stable, seems fine (tested with USE=xulrunner).
amd64/x86 stable
alpha/ia64 stable
Stable for HPPA.
ppc and ppc64 done
GLSA 200903-16