Bug#616673: rhythmbox-plugins: Plugin "context" contains hardcoded path to /tmp/context/

Josselin Mouette joss at debian.org
Fri Jun 22 19:16:22 UTC 2012


tag 616673 security
severity 616673 grave
thanks

Le dimanche 06 mars 2011 à 14:58 +0100, Hans Spaans a écrit : 
> The following files contain a hardcoded path to "/tmp/context/".
> 
> /usr/lib/rhythmbox/plugins/context/AlbumTab.py
> /usr/lib/rhythmbox/plugins/context/ArtistTab.py
> /usr/lib/rhythmbox/plugins/context/LinksTab.py
> /usr/lib/rhythmbox/plugins/context/LyricsTab.py

Sorry for not replying earlier.
This terrible newbie mistake is probably a local privilege escalation
vulnerability. 

Squeeze is affected.

-- 
 .''`.      Josselin Mouette
: :' :
`. `'
  `-







More information about the pkg-gnome-maintainers mailing list