Untrusted search path vulnerability in the GObject Python interpreter
wrapper in Gnumeric allows local users to execute arbitrary code via
a Trojan horse Python file in the current working directory, related
to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
I am not sure whether this bug is being tracked upstream. Please see the blocker for details and a patch example.
Commited as 1.8.4-r1. Sorry for taking so long.
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Sparc stable for gnumeric-1.8.4-r1. Note that this does not match the summary.
(In reply to comment #5)
> Sparc stable for gnumeric-1.8.4-r1. Note that this does not match the summary.
Ah, I see the summary was updated. Ignore the comments.
Stable on alpha.
!!! dodoc: TODO does not exist
>>> Completed installing gnumeric-1.8.4-r1 into /var/tmp/portage/app-office/gnumeric-1.8.4-r1/image/
Stable for HPPA.