** Changed in: hundredpapercuts
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1586346
Title:
Shell injection with a GTK-Bookmark
To manage notifications abo
This bug was fixed in the package mate-menu - 17.10.2-0ubuntu1
---
mate-menu (17.10.2-0ubuntu1) artful; urgency=medium
* New upstream release. (LP: #1586346)
-- Martin Wimpress Fri, 19 May 2017
12:17:51 +0100
** Changed in: mate-menu (Ubuntu)
Status: Fix Committed => Fix
** Changed in: mate-menu (Ubuntu)
Status: Confirmed => In Progress
** Changed in: mate-menu (Ubuntu)
Assignee: (unassigned) => Martin Wimpress (flexiondotorg)
** Changed in: mate-menu (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because
** Changed in: mate-menu (Ubuntu)
Importance: Undecided => High
** Also affects: hundredpapercuts
Importance: Undecided
Status: New
** Changed in: hundredpapercuts
Status: New => Confirmed
** Changed in: hundredpapercuts
Importance: Undecided => High
--
You received this
** Changed in: mate-menu (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1586346
Title:
Shell injection with a GTK-Bookmark
To manage notifications about this
** Attachment added: "recent.py has the same problem / Screenshot"
https://bugs.launchpad.net/ubuntu/+source/mate-menu/+bug/1586346/+attachment/4671530/+files/Screenshot%20recent.py%20%20bug.png
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
...and Remove this os.system calls, too please :-)
/usr/share/mate-menu/plugins/recent.py:189:
x = os.system("gvfs-open \""+filename+"\"")
/usr/share/mate-menu/plugins/applications.py:991:
os.system("rm \"%s\" &" % desktopEntry.desktopFile)
/usr/share/mate-menu/plugins/appli
