This bug was fixed in the package pitivi - 0.94-4ubuntu1
---
pitivi (0.94-4ubuntu1) xenial; urgency=medium
* d/patches/from_upstream_shell_command_injection.patch: apply upstream
commit to fix possible shell command injection. Thanks Bernd Dietzel for
bringing it up. (LP: #1
Upstream almost went for the same solution:
https://git.gnome.org/browse/pitivi/tree/pitivi/mainwindow.py
if asset.is_image():
subprocess.call(['xdg-open', str(path_from_uri(asset.get_id()))])
I'll go with that then.
--
You received this bug notification because you are a me
The attachment "patch for mainwindow.py , pitivi Version 0.94" seems to
be a patch. If it isn't, please remove the "patch" flag from the
attachment, remove the "patch" tag, and if you are a member of the
~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchp
Patch to fix the shell command injection
pitivi Version 0.94
** Patch added: "patch for mainwindow.py , pitivi Version 0.94"
https://bugs.launchpad.net/ubuntu/+source/pitivi/+bug/1506823/+attachment/4504236/+files/mainwindow.py.diff
--
You received this bug notification because you are a me
4 matches
Mail list logo
