CVE-2009-0317 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0317): Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
I am not sure whether this bug is being tracked upstream. Please see the blocker for details and a patch example.
hum actually we don't ship nautilus-python. It is a separate package from nautilus and is tracked at bug #78021
Fauli, I'll reassign this bug to you as you seem to sponsor inclusion of nautilus-python in the tree. Security is not tracking bugs for ebuilds in overlays, but you need to make sure this bug is fixed before tree inclusion. Thanks! Gnome, I'm keeping you in cc, feel free to remove yourself.
https://bugzilla.redhat.com/show_bug.cgi?id=481570 suggests http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=pythonpath.diff;att=1;bug=504251 as fix, which is for dia, so I have to investigate. Thanks for your notice.
Well, the fix is "along those lines", but the patch won't directly apply.
A fix is in the overlay, provided by Mark Lee (the official overlay maintainer) and is pushed upstream.
