[Desktop-packages] [Bug 1598438] [NEW] dialog.pl allows to inject shell code

Public bug reported: File : /usr/share/perl5/dialog.pl Line 25, 42, 62, 77 : system("dialog --title \"$title\" --textbox $file $height $width"); The perl script "dialog.pl" uses the system() command. So shell code in a path and/or file name could be executed. For Example like in this perl demo

[Desktop-packages] [Bug 1513964] Re: dsextras.py : Shell Command Injection with a pkg name

** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to pygobject-2 in Ubuntu. https://bugs.launchpad.net/bugs/1513964 Title: dsextras.py : Shell Command Injection with a

[Desktop-packages] [Bug 1467666] Re: speechd_config executes Shell Commands

Patch ** Patch added: "Patch for /usr/lib/python3/dist-packages/speechd_config/config.py" https://bugs.launchpad.net/ubuntu/+source/speech-dispatcher/+bug/1467666/+attachment/4504591/+files/Patch.diff -- You received this bug notification because you are a member of Desktop Packages, which

[Desktop-packages] [Bug 1506823] Re: Shell Command Injection with a picture

Patch to fix the shell command injection pitivi Version 0.94 ** Patch added: "patch for mainwindow.py , pitivi Version 0.94" https://bugs.launchpad.net/ubuntu/+source/pitivi/+bug/1506823/+attachment/4504236/+files/mainwindow.py.diff -- You received this bug notification because you are a

[Desktop-packages] [Bug 1506823] [NEW] Shell Command Injection with a picture

Public bug reported: mainwindow.py , Line 486 os.system('xdg-open "%s"' % path_from_uri(asset.get_id())) If you import an image and double click on it to see a preview , any shell command in the picture name will be executet. For example : 1) rename a picture to this name $(xmessage hello

[Desktop-packages] [Bug 1460413] Re: Shell Command Injection in logcapture.py

** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to hplip in Ubuntu. https://bugs.launchpad.net/bugs/1460413 Title: Shell Command Injection in logcapture.py Status in

[Desktop-packages] [Bug 1467666] Re: speechd_config executes Shell Commands

** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to speech-dispatcher in Ubuntu. https://bugs.launchpad.net/bugs/1467666 Title: speechd_config executes Shell Commands Status in

[Desktop-packages] [Bug 1467666] [NEW] speechd_config executes Shell Commands

Public bug reported: if espeak is installed , some functions in the script speechd_config.py can be used to execute Shell Commands. -- Demo Example from the terminal type in : theregrunner@mint17 : ~ $ python3 Python 3.4.0 (default, Apr 11 2014, 13:05:18) [GCC 4.8.2] on linux Type help,

[Desktop-packages] [Bug 877631] Re: AssertionError after interruption/restart of backup

i am using deja-dup 20.1-0ubuntu0.2 (oneiric-proposed) to fix the problem , but the bug is śtill there i am using ubuntu 11.10 32 bit with german Language (de) i had used a password for encryption ( letters a-z , 0-9, and special char - ) i choose to keep the password i choose to keep the