1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
Candidate: CVE-2015-0855
PublicDate: 2017-03-23
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0855
https://git.gnome.org/browse/pitivi/commit/?id=45a4c84edb3b4343f199bba1c65502e3f49f5bb2 (RELEASE-0_95_0)
Description:
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95
allows attackers to execute arbitrary code via shell metacharacters in a
file path.
Ubuntu-Description:
Notes:
Bugs:
https://launchpad.net/bugs/1495272
Priority: medium
Discovered-by: Luke Faraone
Assigned-to:
Patches_pitivi:
upstream: https://git.gnome.org/browse/pitivi/commit/?id=45a4c84edb3b4343f199bba1c65502e3f49f5bb2
other: https://bugs.launchpad.net/ubuntu/+source/pitivi/+bug/1495272/+attachment/4463293/+files/CVE-2015-0855.patch
upstream_pitivi: released (0.95-1)
precise_pitivi: not-affected (code not present)
precise/esm_pitivi: DNE (precise was not-affected [code not present])
trusty_pitivi: needed
vivid_pitivi: ignored (reached end-of-life)
vivid/stable-phone-overlay_pitivi: DNE
vivid/ubuntu-core_pitivi: DNE
wily_pitivi: ignored (reached end-of-life)
xenial_pitivi: not-affected (0.95-1)
yakkety_pitivi: not-affected (0.95-1)
zesty_pitivi: not-affected (0.95-1)
devel_pitivi: not-affected (0.95-1)
|