CVE 2012-3355
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
Related bugs and status
CVE-2012-3355 (Candidate) is related to these bugs:
Bug #795765: CDs won't resume playing after being paused
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
795765 | CDs won't resume playing after being paused | OEM Priority Project | Medium | Fix Released | ||
795765 | CDs won't resume playing after being paused | OEM Priority Project precise | Medium | Fix Released | ||
795765 | CDs won't resume playing after being paused | rhythmbox (Ubuntu) | High | Fix Released | ||
795765 | CDs won't resume playing after being paused | OEM Priority Project quantal | Medium | Fix Released | ||
795765 | CDs won't resume playing after being paused | Rhythmbox | Critical | Fix Released | ||
795765 | CDs won't resume playing after being paused | rhythmbox (Ubuntu Quantal) | High | Fix Released | ||
795765 | CDs won't resume playing after being paused | rhythmbox (Ubuntu Precise) | High | Won't Fix |
Bug #1060601: [FFe]: Update rhythmbox from 2.97 to 2.98
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1060601 | [FFe]: Update rhythmbox from 2.97 to 2.98 | rhythmbox (Ubuntu) | Wishlist | Fix Released | ||
1060601 | [FFe]: Update rhythmbox from 2.97 to 2.98 | Ubuntu Translations | Undecided | Fix Released |
Bug #1180721: replaygain crashing on second play
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1180721 | replaygain crashing on second play | rhythmbox (Ubuntu) | High | Fix Released | ||
1180721 | replaygain crashing on second play | Rhythmbox | High | Fix Released |
Bug #1220972: Upgrade rhythmbox to 3.0
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1220972 | Upgrade rhythmbox to 3.0 | rhythmbox (Ubuntu) | Wishlist | Fix Released |
See the
CVE page on Mitre.org
for more details.