Bug 569227 - gedit: untrusted python modules search path
Status: RESOLVED OBSOLETE
Product: rhythmbox
Classification: Other
Component: Programmatic interfaces
Version: unspecified
OS: Other Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: RhythmBox Maintainers
Depends on:
Blocks: 569273
Reported: 2009-01-26 18:23 UTC by Bastien Nocera
Modified: 2018-05-24 13:58 UTC
See Also:
GNOME target: ---
GNOME version: ---

Description Bastien Nocera 2009-01-26 18:23:29 UTC
+++ This bug was initially created as a clone of Bug #569214 +++

(From Jan Lieskovsky, https://bugzilla.redhat.com/show_bug.cgi?id=481556)

"Untrusted search path vulnerability in gedit's Python module allows local
users to execute arbitrary code via a Trojan horse Python file in the
current working directory, related to an erroneous setting of sys.path
by the PySys_SetArgv function.

References:
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html

Debian bug report for similar eog issue:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352#4

Proposed patch:
Not sure if gedit's upstream has been informed about this issue.
The Debian patch for similar eog's Python related issue,
available at:

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=02_sanitize_sys.path.patch;att=1;bug=504352

should be sufficient to resolve this issue."

There's no CVE assigned yet, but one has been requested.  The security severity is considered "low".
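The mechanism the report describes, reproduced as an added example that is not code from the bug report, gedit or rhythmbox: PySys_SetArgv() prepends the directory of argv[0] to sys.path, and an embedding application that passes an empty or relative argv[0] ends up with "" (the current working directory) at sys.path[0], so a module dropped in that directory shadows whatever trusted module the plugin code imports. The script below inserts "" the way PySys_SetArgv() does, plants a constructed trojan `colorsys.py` in a temporary working directory, shows the stdlib module being shadowed, and then applies a sys.path sanitiser of the kind the linked Debian eog patch uses. The module name `colorsys`, the function names and the temporary directory are all this example's own choices.

```python
"""Added example, not taken from the bug report, gedit or rhythmbox.

Demonstrates the untrusted sys.path entry that PySys_SetArgv() creates for
an empty argv[0], and a sanitiser that removes cwd-equivalent entries.
"""
import importlib
import os
import sys
import tempfile


def sanitize_sys_path(path=None, cwd=None):
    """Return a copy of `path` (default: sys.path) without any entry that
    resolves to the current working directory.

    Dropped entries: "" and "." (both mean cwd to the import system), any
    other relative entry (resolved against cwd at import time, so equally
    attacker-controlled), and the absolute cwd itself.
    """
    entries = sys.path if path is None else path
    cwd = os.path.realpath(os.getcwd() if cwd is None else cwd)
    kept = []
    for entry in entries:
        if not entry or not os.path.isabs(entry):
            continue
        if os.path.realpath(entry) == cwd:
            continue
        kept.append(entry)
    return kept


TRUSTED_MODULE = "colorsys"  # a stdlib module a plugin might reasonably import


def _fresh_import_state():
    """Forget the cached module and the cached finder for "" so that the
    next import really walks sys.path again."""
    sys.modules.pop(TRUSTED_MODULE, None)
    sys.path_importer_cache.pop("", None)
    importlib.invalidate_caches()


def run_demo():
    """Simulate the vulnerable embedding: argv[0] == "" puts "" at
    sys.path[0] while the user's cwd holds a trojan colorsys.py.

    Returns (hijacked_before_fix, clean_after_fix).
    """
    saved_cwd = os.getcwd()
    saved_path = list(sys.path)
    hijacked = clean = False
    with tempfile.TemporaryDirectory() as attacker_cwd:
        # Constructed trojan module; a real attacker would put a payload here.
        with open(os.path.join(attacker_cwd, TRUSTED_MODULE + ".py"), "w") as fh:
            fh.write("PAYLOAD_RAN = True\n")
        os.chdir(attacker_cwd)
        try:
            # This is what PySys_SetArgv(argc, {"", NULL}) does to sys.path.
            sys.path.insert(0, "")
            _fresh_import_state()
            mod = importlib.import_module(TRUSTED_MODULE)
            hijacked = getattr(mod, "PAYLOAD_RAN", False)

            # The fix: strip cwd-equivalent entries before loading any plugin.
            sys.path[:] = sanitize_sys_path()
            _fresh_import_state()
            mod = importlib.import_module(TRUSTED_MODULE)
            clean = not hasattr(mod, "PAYLOAD_RAN")
        finally:
            os.chdir(saved_cwd)
            sys.path[:] = saved_path
            _fresh_import_state()
    return hijacked, clean


if __name__ == "__main__":
    print("hijacked before fix, clean after fix:", run_demo())
```

Running the script prints `(True, True)`: the trojan wins while "" is on sys.path, and the stdlib module is loaded once the sanitiser has run. In the C embedding code itself the cleaner fix is to call PySys_SetArgvEx(argc, argv, 0) (updatepath = 0, available since Python 2.6.6 and 3.1.3) instead of PySys_SetArgv(), so the entry is never added in the first place; the sanitiser above is the fallback for interpreters that lack it.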
Comment 1 GNOME Infrastructure Team 2018-05-24 13:58:52 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/rhythmbox/issues/691.