Support for this version has ended
** Changed in: python2.4 (Ubuntu)
Status: Confirmed => Invalid
** Changed in: python2.5 (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bu
python2.6 was fixed in 2.6.6-5ubuntu1.
** Changed in: python2.6 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/322196
Title:
Untrusted search path v
This was fixed in 0.96.1-7.1.
** Changed in: dia (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/322196
Title:
Untrusted search path vulnerability in
vim was fixed in 2:7.2.079-1ubuntu5
** Changed in: vim (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/322196
Title:
Untrusted search path vulnerabil
nautilus-python was fixed in 0.6.1-1
** Changed in: nautilus-python (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/322196
Title:
Untrusted search pa
epiphany-browser was fixed in 2.24.1-0ubuntu1.
** Changed in: epiphany-browser (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/322196
Title:
Untruste
eog was fixed in 2.24.1-0ubuntu1.
** Changed in: eog (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/322196
Title:
Untrusted search path vulnerabilit
csound was fixed in 1:5.08.2~dfsg-1.1ubuntu2.
** Changed in: csound (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/322196
Title:
Untrusted search pa
** Changed in: gedit
Importance: Unknown => Medium
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mai
** Changed in: gedit
Status: New => Fix Released
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs m
** Branch linked: lp:ubuntu/hardy-security/xchat
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
This bug was fixed in the package xchat - 2.8.4-0ubuntu7.1
---
xchat (2.8.4-0ubuntu7.1) hardy-security; urgency=low
* SECURITY UPDATE (LP: #322196)
* debian/patches/64_CVE-2009-0315.dpatch:
- Fix untrusted search path vulnerability in the Python module
in xchat allows lo
ACK on the hardy update. Updated package was uploaded to hardy-security.
Thanks for the debdiff.
** Changed in: xchat (Ubuntu)
Status: Confirmed => Fix Committed
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You receive
** Changed in: python
Status: Unknown => Fix Released
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-b
** Also affects: python via
http://bugs.python.org/issue5753
Importance: Unknown
Status: Unknown
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
B
Upstream python has committed an alternative PySys_SetArgvEx that allows
applications that embed python to set sys.argv without also modifying
sys.path: http://bugs.python.org/issue5753#msg106256
It does require patches to all those applications though...
** Bug watch added: Python Roundup #5753
Shouldn't this be fixed in Python rather than all the tools using
Python?
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Branch linked: lp:~ari-tczew/ubuntu/hardy/xchat/CVE-2009-0315
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubun
** Description changed:
There's an interesting bug (or feature?) in Python 2.6 and earlier that
affects multiple applications using Python. The bug allows local or
user-assisted remote arbitrary code execution. Here is the description
of the Python CVE:
"Untrusted search path vulnerab
Note that a workaround to this python bug was committed to Gnumeric
upstream a long time ago (2009-01-29) and so this vulnerability is not
in gnumeric anymore since release 1.9.4.
** Changed in: gnumeric (Ubuntu)
Status: Confirmed => Fix Released
--
Untrusted search path vulnerability in
** Branch linked: lp:ubuntu/gedit
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bug
** Changed in: epiphany-browser (Ubuntu)
Importance: Undecided => Low
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug was fixed in the package gedit - 2.26.0-0ubuntu3
---
gedit (2.26.0-0ubuntu3) jaunty; urgency=low
* debian/patches/91_correct_path_use.patch:
- CVE-2009-0314, don't use an untrusted python path when loading
(lp: #322196)
-- Sebastien BacherWed, 08 Apr 2009 13
** Also affects: python2.6 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: python2.6 (Ubuntu)
Importance: Undecided => Low
** Changed in: python2.6 (Ubuntu)
Status: New => Confirmed
** Changed in: python2.3 (Ubuntu)
Status: Confirmed => Won't Fix
--
Untrust
** Changed in: gedit
Status: Unknown => New
--
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailin
** Changed in: gedit (Ubuntu)
Assignee: (unassigned) => Ubuntu Desktop Bugs (desktop-bugs)
Status: Confirmed => Triaged
** Bug watch added: GNOME Bug Tracker #569214
http://bugzilla.gnome.org/show_bug.cgi?id=569214
** Also affects: gedit via
http://bugzilla.gnome.org/show_bug.cg
** Changed in: epiphany (Ubuntu)
Status: New => Invalid
** Also affects: epiphany-browser (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python2.3 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: epiphany-browser (Ubuntu)
Status: New => Con
** Changed in: csound (Ubuntu)
Status: New => Confirmed
** Changed in: csound (Ubuntu)
Importance: Undecided => Low
** Changed in: dia (Ubuntu)
Status: New => Confirmed
** Changed in: dia (Ubuntu)
Importance: Undecided => Low
** Changed in: eog (Ubuntu)
Status: New =>
According to these links (provided by Jan Lieskovsky in the thread referenced
above), Python 2.6 is affected as well.
http://www.openwall.com/lists/oss-security/2009/01/28/5
https://bugzilla.redhat.com/show_bug.cgi?id=482814#c1
** Description changed:
- Binary package hint: python2.5
-
- There'
Adding CVE references: CVE-2008-5983, CVE-2008-5984, CVE-2008-5985,
CVE-2008-5986, CVE-2008-5987,
CVE-2009-0314, CVE-2009-0315, CVE-2009-0316, CVE-2009-0317, CVE-2009-0318
** Also affects: python2.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: dia (Ubuntu)
Importance
30 matches
Mail list logo