CVE-2009-0314 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0314): Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
I am not sure whether this bug is being tracked upstream. Please see the blocker for details and a patch example.
upstream bug: http://bugzilla.gnome.org/show_bug.cgi?id=569214
Adapted upstream patch for 2.22.3 and committed as 2.22.3-r2. Sorry for taking so long. For testers, there is a file on the upstream bug to test if the issue is properly resolved.
Arches, please test and mark stable:
=app-editors/gedit-2.22.3-r1
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
OR
=app-editors/gedit-2.24.3
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Already stabled: "amd64 ppc ppc64 x86"
Missing keywords: "alpha arm hppa ia64 sh sparc"
=app-editors/gedit-2.22.3-r1 stable on alpha.
ia64/sparc stable
Stable for HPPA.
GLSA request filed.
Oops, looks like we need 2.22.3-r2 (read: revision two) stable. sparc/hppa: Could you pretty please stable the correct ebuild once more? :) On the other arches we have 2.24.3 stable so that shouldn't be a problem there. Sorry for the noise!
app-editors/gedit-2.24.3 will go stable for HPPA with the rest of gnome 2.24.
Hmm. Oh.
GLSA 200903-41
sparc also stable for =app-editors/gedit-2.24.3
arm/sh stable
GLSA still unfixed...
All affected ebuilds left the tree months ago.
There is really no point in fixing this GLSA since the upgrade paths are now all obsolete. Closing.