From ${URL} : Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.
and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5660 : abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."
CVE-2012-5660 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5660): abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." CVE-2012-5659 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5659): Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.
2.0.13 is in tree and stable. GLSA vote: no.
GLSA vote: no Closing as noglsa
