Shell injection in trash deletion via specially crafted filenames
Bug #1716269 reported by James Lu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Variety | Fix Released | High | James Lu | |
Bug Description
Steps to reproduce:
1) Rename any image to the format 'test";"<command name>";".png' (e.g. test";"
2) Attempt to delete the wallpaper via "Delete to Trash" in the Variety indicator menu.
3) The code nested in the command name will trigger 3 times as each trash command fails, as it is passed an incomplete filename.
Fortunately, the security impact of this bug is low because it requires user intervention and a weird filename in the first place. This is fixed in commit https:/
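
The quoting failure described in the report, as an added illustration that is not part of the original report and is not Variety's code. It tokenizes the command line the way a POSIX shell would (nothing is executed) and compares string-built, `shlex.quote()`-escaped and argument-vector forms. The tool names `trash-a`/`trash-b`/`trash-c`, the `||` fallback chaining and the `injected-cmd` placeholder are assumptions chosen to match the "triggers 3 times" behaviour in step 3.

```python
import shlex

# Hypothetical fallback tools, tried in order (assumed names, not Variety's).
TRASH_TOOLS = ("trash-a", "trash-b", "trash-c")
OPERATORS = {";", "|", "||", "&", "&&"}

def unsafe_command(path):
    """Vulnerable pattern: the path is pasted between double quotes."""
    return " || ".join('%s "%s"' % (tool, path) for tool in TRASH_TOOLS)

def quoted_command(path):
    """Same shell string, but the path is escaped with shlex.quote()."""
    return " || ".join("%s %s" % (tool, shlex.quote(path)) for tool in TRASH_TOOLS)

def safe_argv(tool, path):
    """Preferred form: an argument vector for subprocess.run(argv), no shell."""
    return [tool, path]

def shell_commands(command_line):
    """Approximate how a POSIX shell splits a line into simple commands.
    Tokenizes only; nothing is executed."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands

if __name__ == "__main__":
    # Constructed sample following the filename pattern from step 1.
    path = '/home/user/Pictures/test";"injected-cmd";".png'
    for argv in shell_commands(unsafe_command(path)):
        print("unsafe:", argv)
    for argv in shell_commands(quoted_command(path)):
        print("quoted:", argv)
    print("argv  :", safe_argv(TRASH_TOOLS[0], path))
```

In the unsafe form each tool receives the truncated path ending in `test`, and the embedded name appears as its own command once per fallback. In the other two forms the whole filename stays a single argument.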
tags: removed: shell-injection
Changed in variety: milestone: none → 0.6.6
Changed in variety: status: Fix Committed → Fix Released