Bug#849777: shutter: CVE-2016-10081: Insecure use of perl exec()

2017-01-07 Thread Dominique Dumont
On Friday, 6 January 2017 21:57:57 CET Salvatore Bonaccorso wrote:
> Btw, it would be good/great to forward any applied patch to upstream.
Done: https://bugs.launchpad.net/shutter/+bug/1652600/comments/6
(this is a bit confusing because launchpad is usually downstream...)
All the best
-- https

Bug#849777: shutter: CVE-2016-10081: Insecure use of perl exec()

2017-01-06 Thread Salvatore Bonaccorso
Hi Dominique,
On Fri, Jan 06, 2017 at 07:33:07PM +0100, Dominique Dumont wrote:
> On Sat, 31 Dec 2016 12:39:57 +0100 Christoph Biedl wrote:
> > Christoph Biedl wrote...
> >
> > > The patch attached
>
> Thanks.
>
> I've tested the patch and it's fine.
>
> I've also created a patch to r

Bug#849777: shutter: CVE-2016-10081: Insecure use of perl exec()

2017-01-06 Thread Dominique Dumont
On Sat, 31 Dec 2016 12:39:57 +0100 Christoph Biedl wrote:
> Christoph Biedl wrote...
>
> > The patch attached
Thanks.
I've tested the patch and it's fine.
I've also created a patch to replace all system("big string") calls to system(@big_list) in all plugins to avoid similar problems.
I'll u

Bug#849777: shutter: CVE-2016-10081: Insecure use of perl exec()

2016-12-31 Thread Christoph Biedl
Christoph Biedl wrote... > The patch attached --- a/bin/shutter +++ b/bin/shutter @@ -7164,8 +7164,13 @@ elsif ( $pid == 0 ) { #see Bug #661424 -my $qfilename = quotemeta $session_screens{$key}->{'long'}; -exec( sprintf( "$^X $plugin_
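Review bot: The removed lines in the @@ -7164 hunk fed a quotemeta-escaped filename into a single-string exec(); quotemeta is regex escaping, not shell quoting, so the replacement should call exec() in list form with $^X, the plugin arguments and the filename as separate elements so that no shell ever parses the image name. In list form, pass $session_screens{$key}->{'long'} unescaped and drop $qfilename, otherwise the backslashes quotemeta inserts reach the plugin as part of the filename. The added lines are cut off in this excerpt, so both points need checking against the full patch.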

Bug#849777: shutter: CVE-2016-10081: Insecure use of perl exec()

2016-12-31 Thread Christoph Biedl
Salvatore Bonaccorso wrote...
> CVE-2016-10081[0]:
> | /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote
> | attackers to execute arbitrary commands via a crafted image name that
> | is mishandled during a "Run a plugin" action.
*sigh*
Single-argument usage of system/exec thr

Bug#849777: shutter: CVE-2016-10081: Insecure use of perl exec()

2016-12-30 Thread Salvatore Bonaccorso
Source: shutter
Version: 0.88.3-1
Severity: grave
Tags: upstream security
Justification: user security hole
Forwarded: https://bugs.launchpad.net/shutter/+bug/1652600
Hi,
the following vulnerability was published for shutter.
CVE-2016-10081[0]:
| /usr/bin/shutter in Shutter through 0.93.1 allows