A vulnerability has been reported in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening certain files located on a remote WebDAV or SMB share via the "Locate on Disk" functionality. Successful exploitation may allow the execution of arbitrary code. Solution Update to version 3.8.
CVE-2011-0458 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0458): Untrusted search path vulnerability in the Locate on Disk feature in Google Picasa before 3.8 allows local users to gain privileges via a Trojan horse executable file in the current working directory.
Uh I missed this completely. Anyway, there is no 3.8 version for linux, and I am not sure if the bug applies to linux anyway.
Package removed. See bug #434390.
