
Re: [SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution

On Thu, Jan 17, 2008 at 02:38:45PM +0000, Steve Kemp wrote:
> Felipe Sateler discovered that apt-listchanges, a package change history
> notification tool, used unsafe paths when importing its python libraries.
> This could allow the execution of arbitrary shell commands if the root user
> executed the command in a directory which other local users may write
> to.

Still that breaks because os is not imported.  Please fix.  Quickly.

Kind regards,
Philipp Kern
 .''`.  Philipp Kern                             Debian Developer
: :' :  http://philkern.de                       Debian Release Assistant
`. `'   xmpp:phil@0x539.de                       Ubuntu MOTU
  `-    finger pkern/key@db.debian.org
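
The class of problem the quoted advisory describes, as an added example that is not part of this message and not apt-listchanges code: a check that flags Python import path entries which a local user other than root or the caller could write to. The function name `unsafe_path_entries` is hypothetical, and a POSIX system is assumed.

```python
import os
import stat
import sys


def unsafe_path_entries(paths):
    """Return (entry, reason) pairs for import path entries in which a
    local user other than root or the caller could place a module."""
    findings = []
    for entry in paths:
        # "" and "." both mean the directory the process was started in.
        if entry in ("", "."):
            findings.append((entry, "current working directory"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative path, resolved against the cwd"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            continue  # entry does not exist right now, nothing to inspect
        if not stat.S_ISDIR(st.st_mode):
            continue  # zip archives and similar entries are out of scope here
        if st.st_mode & stat.S_IWOTH:
            # The sticky bit does not help: others can still create new files.
            findings.append((entry, "world-writable directory"))
        elif st.st_uid not in (0, os.getuid()):
            findings.append((entry, "owned by another non-root user"))
    return findings


if __name__ == "__main__":
    # Audit the interpreter's own import path.
    for entry, reason in unsafe_path_entries(sys.path):
        print(f"{entry!r}: {reason}")
```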
