Public bug reported:
File : /usr/share/perl5/dialog.pl
Line 25, 42, 62, 77 :
system("dialog --title \"$title\" --textbox $file $height $width");
The perl script "dialog.pl" uses the system() command.
So shell code in a path and/or file name could be executed.
For Example like in this perl demo
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pygobject-2 in Ubuntu.
https://bugs.launchpad.net/bugs/1513964
Title:
dsextras.py : Shell Command Injection with a pk
Patch
** Patch added: "Patch for
/usr/lib/python3/dist-packages/speechd_config/config.py"
https://bugs.launchpad.net/ubuntu/+source/speech-dispatcher/+bug/1467666/+attachment/4504591/+files/Patch.diff
--
You received this bug notification because you are a member of Desktop
Packages, which
Patch to fix the shell command injection
pitivi Version 0.94
** Patch added: "patch for mainwindow.py , pitivi Version 0.94"
https://bugs.launchpad.net/ubuntu/+source/pitivi/+bug/1506823/+attachment/4504236/+files/mainwindow.py.diff
--
You received this bug notification because you are a me
Public bug reported:
mainwindow.py , Line 486
os.system('xdg-open "%s"' % path_from_uri(asset.get_id()))
If you import an image and double click on it to see a preview ,
any shell command in the picture name will be executet.
For example :
1) rename a picture to this name
$(xmessage hello wo
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to hplip in Ubuntu.
https://bugs.launchpad.net/bugs/1460413
Title:
Shell Command Injection in logcapture.py
Status in hp
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to speech-dispatcher in Ubuntu.
https://bugs.launchpad.net/bugs/1467666
Title:
speechd_config executes Shell Commands
Status in sp
Public bug reported:
if espeak is installed , some functions in the script
"speechd_config.py" can be used to execute Shell Commands.
--
Demo Example from the terminal type in :
theregrunner@mint17 : ~ $ python3
Python 3.4.0 (default, Apr 11 2014, 13:05:18)
[GCC 4.8.2] on linux
Type "help
i am using deja-dup 20.1-0ubuntu0.2 (oneiric-proposed) to fix the
problem , but the bug is śtill there
i am using ubuntu 11.10 32 bit with german Language (de)
i had used a password for encryption ( letters a-z , 0-9, and special char "-"
)
i choose to keep the password
i choose to keep the ba
9 matches
Mail list logo