CVE-2012-3355

Priority
Description
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in
the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users
to execute arbitrary code via a symlink attack on a temporary HTML template
file in the /tmp/context directory.
Assigned-to
jdstrand
Notes
jdstranddoes not affect 11.04 and earlier
Context plugin not enabled by default in Ubuntu
upstream has not settled on a patch, but after analyzing the
proposed patch, it should address the issue sufficiently (see comment #2
from the upstream bug)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):released (2.97-1ubuntu2)
More Information

Updated: 2019-12-05 20:59:32 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)