CVE-2011-1842
Published: 19 April 2011
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.
Priority
Status
Package | Release | Status |
---|---|---|
language-selector Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
hardy |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Released
(0.6.7)
|
|
natty |
Released
(0.33)
|
|
upstream |
Needs triage
|