Launchpad CVE tracker

CVE 2012-3355

(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.

Related bugs and status

CVE-2012-3355 (Candidate) is related to these bugs:

Bug #795765: CDs won't resume playing after being paused

		In	Importance	Status
795765	CDs won't resume playing after being paused	OEM Priority Project	Medium	Fix Released
795765	CDs won't resume playing after being paused	OEM Priority Project precise	Medium	Fix Released
795765	CDs won't resume playing after being paused	rhythmbox (Ubuntu)	High	Fix Released
795765	CDs won't resume playing after being paused	OEM Priority Project quantal	Medium	Fix Released
795765	CDs won't resume playing after being paused	Rhythmbox	Critical	Fix Released
795765	CDs won't resume playing after being paused	rhythmbox (Ubuntu Quantal)	High	Fix Released
795765	CDs won't resume playing after being paused	rhythmbox (Ubuntu Precise)	High	Won't Fix

Bug #1060601: [FFe]: Update rhythmbox from 2.97 to 2.98

Summary				In	Importance	Status
	1060601	[FFe]: Update rhythmbox from 2.97 to 2.98		rhythmbox (Ubuntu)	Wishlist	Fix Released
	1060601	[FFe]: Update rhythmbox from 2.97 to 2.98		Ubuntu Translations	Undecided	Fix Released

Bug #1180721: replaygain crashing on second play

Summary				In	Importance	Status
	1180721	replaygain crashing on second play		rhythmbox (Ubuntu)	High	Fix Released
	1180721	replaygain crashing on second play		Rhythmbox	High	Fix Released

Bug #1220972: Upgrade rhythmbox to 3.0

Summary				In	Importance	Status
	1220972	Upgrade rhythmbox to 3.0		rhythmbox (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3355

References