[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
** Changed in: ubuntu-mate Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
This bug was fixed in the package pluma - 1.12.2-2 --- pluma (1.12.2-2) unstable; urgency=medium [ Martin Wimpress ] * debian/patches: + Add _prevent_shell_code_injection.patch. Closes (LP: #1466633) [ Mike Gabriel ] * debian/control: + Bump Standards: to 3.9.7. No changes needed. -- Mike Gabriel Mon, 21 Mar 2016 22:08:23 +0100 ** Changed in: pluma (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
** Changed in: ubuntu-mate Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
** Changed in: ubuntu-mate Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
** Changed in: ubuntu-mate Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
** Changed in: pluma (Ubuntu) Status: Incomplete => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
The attachment "Patch for gedit importer.py" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
I attached a patch witch solves the problem. I have tested it with gedit 3.10.4 and Ubuntu 15.10 Should be the same in pluma. ** Patch added: "Patch for gedit importer.py" https://bugs.launchpad.net/gedit/+bug/1466633/+attachment/4504703/+files/importer.py_Patch.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
** Also affects: ubuntu-mate Importance: Undecided Status: New ** Also affects: gedit Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
Also, I question the security relevancy of this report. It requires quite a few actions from the user and I doubt an attacker could pull such an attack off. I'd suggest taking this issue to the upstream project but feel like it has negligible security impact. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pluma/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: pluma (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pluma/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pluma/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466633] Re: Pluma Plugin "Snippets" Manager - Shell Command Injection
Same problem with gedit 2.30.4 in Linux Mint 17.1 Rebecca Watch my (german) Shell Command Injection Demo Video at Timecode 10:00min https://www.youtube.com/watch?v=abP76r-2js0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466633 Title: Pluma Plugin "Snippets" Manager - Shell Command Injection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pluma/+bug/1466633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs