Better patch attached for the clementine unity scope Python script. 1) I use subprocess.Popen() this time instead of the simple subprocess.call() before. 2) Should now handle albumtracks in a better way because its a list of strings. 3) Clementime gives you now a error message on playing a file when shell commands are in the filename. 4) A Folder Path with Shell Commands in the pathname will not be injected and not opened.
... could someone check it please ? ** Patch added: "Better patch" https://bugs.launchpad.net/ubuntu/+source/unity-scope-clementine/+bug/1483037/+attachment/4503381/+files/patch2.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1483037 Title: Possible Shell Command Injection in daemon To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-scope-audacious/+bug/1483037/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
