From Secunia security advisory at $URL:
A vulnerability has been reported in Wicd, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
The vulnerability is caused due to an input sanitisation error within the "SetWiredProperty()" method (wicd-daemon.py) when setting certain properties and can be exploited to execute arbitrary commands.
The vulnerability is reported in version 1.7.1. Prior versions may also be affected.
Update to version 1.7.2.
Hmm, nls toggle was dropped and the curses gui stopped working. 1.7.2 looks bad(tm), I'll need a bit to sort things out, sorry. Please stay tuned.
*** Bug 411759 has been marked as a duplicate of this bug. ***
(In reply to comment #1)
> Hmm, nls toggle was dropped and the curses gui stopped working. 1.7.2 looks
> bad(tm), I'll need a bit to sort things out, sorry. Please stay tuned.
How about making, e.g., 1.7.1_pre20120127-r1 or 1.7.1-r4 that contains the patch for wicd-daemon.py?
22.214.171.124 is in cvs. Happy Fri 13!
+ 13 Apr 2012; Thomas Kahle <email@example.com> +wicd-126.96.36.199.ebuild:
+ Security bump (bug 411729)
x86, amd64: Please test and stable.
Thanks, folks. GLSA request filed.
This issue was resolved and addressed in
GLSA 201206-08 at http://security.gentoo.org/glsa/glsa-201206-08.xml
by GLSA coordinator Sean Amoss (ackle).