Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-0855

The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.

Related bugs and status

CVE-2015-0855 (Candidate) is related to these bugs:

Bug #1495272: Insecure use of os.system()

		In	Importance	Status
1495272	Insecure use of os.system()	pitivi (Ubuntu)	Undecided	Fix Released
1495272	Insecure use of os.system()	pitivi (Ubuntu Vivid)	Undecided	Expired
1495272	Insecure use of os.system()	pitivi (Ubuntu Wily)	Undecided	Expired
1495272	Insecure use of os.system()	pitivi (Ubuntu Precise)	Undecided	Invalid
1495272	Insecure use of os.system()	pitivi (Ubuntu Trusty)	Undecided	Expired

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015122...
CONFIRM: https://bugs.launchpad...
CONFIRM: https://git.gnome.org/...
BID: 97283