comix 3.6.4 allows attackers to execute arbitrary commands via a filename
containing shell metacharacters that are not properly sanitized when
executing the rar, unrar, or jpegtran programs.
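To make the command-injection pattern concrete, here is an added example (not comix code, and not part of the original bug report) that reproduces the flaw and two fixes in Python, the language comix is written in. `echo` stands in for `rar`/`unrar`/`jpegtran` so the block runs anywhere with `/bin/sh`; the file name `comic.cbr; echo INJECTED` is a constructed attacker-controlled name.

```python
import shlex
import subprocess

# Constructed file name (not from the original report): everything after the
# ';' is a second shell command smuggled in through the name.
EVIL_NAME = "comic.cbr; echo INJECTED"


def run_vulnerable(tool, filename):
    """Build the command line by string concatenation and hand it to /bin/sh.
    This is the pattern the advisory describes: metacharacters in the file
    name are parsed by the shell, so 'comic.cbr; echo INJECTED' becomes two
    separate commands."""
    completed = subprocess.run(f"{tool} {filename}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def run_quoted(tool, filename):
    """Still goes through a shell, but the name is quoted with shlex.quote so
    the shell sees it as a single literal word."""
    completed = subprocess.run(f"{tool} {shlex.quote(filename)}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def run_argv(tool, filename):
    """Preferred fix: pass an argument vector and never involve a shell.
    The tool receives the name byte-for-byte as one argument."""
    completed = subprocess.run([tool, filename],
                               capture_output=True, text=True)
    return completed.stdout


if __name__ == "__main__":
    # 'echo' is a stand-in for unrar/jpegtran; same mechanics, harmless output.
    for fn in (run_vulnerable, run_quoted, run_argv):
        print(fn.__name__, repr(fn("echo", EVIL_NAME)))
```

The argv form is the one to prefer; quoting only papers over the shell. Note that neither form protects a tool from a file name that begins with `-` and is read as an option, so a path prefix such as `./` is still advisable for the real archivers.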
See also here for an upstream comment:
Quoting Tomas Hoger:
Additionally, comix seems to use python's tarfile module to extract tar
archives. This module has known directory traversal issues (CVE-2007-4559),
which were never fixed upstream. A tar archive with malicious content can be used
to overwrite an arbitrary file writable by the user running comix.
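The traversal Tomas Hoger refers to is a member whose stored name climbs out of the extraction directory with `..` (or is absolute, or is a symlink pointing outside). The following is an added example, not comix or CPython code, that fabricates such an archive in memory, shows the unchecked `extractall` writing outside the target, and contrasts it with a per-member containment check. Member names, contents and the scratch directory layout are all constructed for the demonstration.

```python
import io
import os
import tarfile
import tempfile


def build_archive(members):
    """Construct an in-memory tar from {member_name: bytes}. Used only to
    fabricate test input; names are stored exactly as given, so a name like
    '../escaped.txt' goes into the archive unchanged."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def _inside(dest, path):
    """True if path (already passed through realpath) is dest or below it."""
    return os.path.commonpath([dest, path]) == dest


def unsafe_members(archive_bytes, dest):
    """Names of members that would land outside dest: '..' components,
    absolute names, and symlinks whose target leaves dest. The check is
    lexical (realpath on paths that need not exist yet)."""
    dest = os.path.realpath(dest)
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(dest, m.name))
            if not _inside(dest, target):
                flagged.append(m.name)
                continue
            if m.issym():
                link = os.path.realpath(
                    os.path.join(os.path.dirname(target), m.linkname))
                if not _inside(dest, link):
                    flagged.append(m.name)
    return flagged


def safe_extract(archive_bytes, dest):
    """Refuse the whole archive if any member escapes, then extract.
    Where tarfile offers extraction filters (3.12+, and backports), also ask
    for the 'data' filter so the library enforces the same rule itself."""
    bad = unsafe_members(archive_bytes, dest)
    if bad:
        raise ValueError(f"refusing archive with traversing members: {bad}")
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        tar.extractall(dest, **kwargs)


def extract_unchecked(archive_bytes, dest):
    """The historical behaviour: extractall with no path checks. Newer
    Pythons default to a filter, so 'fully_trusted' is requested explicitly
    to reproduce what the old tarfile did."""
    kwargs = ({"filter": "fully_trusted"}
              if hasattr(tarfile, "fully_trusted_filter") else {})
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        tar.extractall(dest, **kwargs)


def demo():
    """Run both extractors in a scratch directory and report what happened."""
    root = tempfile.mkdtemp(prefix="comix-tar-")
    dest = os.path.join(root, "extract")
    os.mkdir(dest)
    # Constructed archives: one benign page, one with a climbing member.
    evil = build_archive({"page01.jpg": b"\xff\xd8", "../escaped.txt": b"owned"})
    benign = build_archive({"page01.jpg": b"\xff\xd8"})
    escaped_path = os.path.join(root, "escaped.txt")  # one level above dest

    result = {"flagged": unsafe_members(evil, dest),
              "benign_flagged": unsafe_members(benign, dest)}
    try:
        safe_extract(evil, dest)
        result["safe_refused"] = False
    except ValueError:
        result["safe_refused"] = True
    result["escaped_after_safe"] = os.path.exists(escaped_path)

    extract_unchecked(evil, dest)
    result["escaped_after_unchecked"] = os.path.exists(escaped_path)

    safe_extract(benign, dest)
    result["benign_extracted"] = os.path.exists(os.path.join(dest, "page01.jpg"))
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The pre-check is deliberately simple: it inspects each member against the destination before anything is written, which catches `..`, absolute paths and outward symlinks but not a symlink planted by an earlier member and traversed by a later one. On interpreters that have them, the `data` extraction filter checks against the real filesystem during extraction and should be used in addition, as `safe_extract` does.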
I grabbed two patches from fedora ( http://cvs.fedora.redhat.com/viewcvs/rpms/comix/F-8/ ) and added media-gfx/comix-3.6.4-r1 to the tree. This will hopefully fix this problem.
Looks good, thank you.
Arches, please test and mark stable:
Target keywords : "amd64 ppc release x86"
Fixed in release snapshot.
GLSA request filed.
CVE-2008-1796 has been assigned to the tempfile issue, which was fixed with the other patch.