Comment 0 for bug 811119

David (d--) wrote : python-foomatic Possible command injection.

Possible command injection.
The "/usr/lib/python2.6/dist-packages/foomatic/pysmb.py" script which is part of python-foomatic (foomatic-gui depends on this apparently :/) appears that it may be vulnerable to command injection.
I suspect this because it does _not_ escape the value of a host's 'netbios name' nor the 'workgroup' / domain of the network on line ~118 [0] in the function get_printer_list. I have not checked but I believe this script may be used in the foomatic-gui :/

You can test against the script by doing the following:
#1 installing samba, placing netbios name = oh'notquotezSIF
#2 and then running "python /usr/lib/python2.6/dist-packages/foomatic/pysmb.py"

[0] - for l in os.popen (str, 'r'):
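
The pattern the report describes, next to two hardened forms, as an added example that is not part of the original report and is not python-foomatic's code. The `smbclient` command line and all function names are assumptions for illustration (the report quotes only the `os.popen (str, 'r')` call); the NetBIOS name is the test value from the report, and nothing is executed.

```python
import shlex
import subprocess

def build_unsafe(host, workgroup):
    # Reported pattern: network-supplied values pasted into a shell string
    # that is later handed to os.popen(). Command line is an assumption.
    return "smbclient -N -L '%s' -W '%s'" % (host, workgroup)

def build_quoted(host, workgroup):
    # Still a shell string, but each value is quoted for the shell.
    # (Python 2.6, as in the report, has pipes.quote instead of shlex.quote.)
    return "smbclient -N -L %s -W %s" % (shlex.quote(host), shlex.quote(workgroup))

def build_argv(host, workgroup):
    # Preferred: no shell at all, each value is exactly one argv element.
    return ["smbclient", "-N", "-L", host, "-W", workgroup]

def shell_words(cmd):
    """Split cmd the way a POSIX shell would; None if the quoting is unbalanced."""
    try:
        return shlex.split(cmd)
    except ValueError:
        return None

def survives_intact(cmd, host, workgroup):
    """True only if the shell would see the values as the intended arguments."""
    return shell_words(cmd) == build_argv(host, workgroup)

def list_shares(host, workgroup):
    # How the argv form would be run (needs smbclient installed; not called here).
    return subprocess.run(build_argv(host, workgroup), capture_output=True, text=True)

# Test value taken from the report; the workgroup is a constructed sample.
REPORT_NAME = "oh'notquotezSIF"
SAMPLE_WORKGROUP = "WORKGROUP"

if __name__ == "__main__":
    for label, cmd in (("unsafe", build_unsafe(REPORT_NAME, SAMPLE_WORKGROUP)),
                       ("quoted", build_quoted(REPORT_NAME, SAMPLE_WORKGROUP))):
        print(label, "->", cmd)
        print("  shell words:", shell_words(cmd))
        print("  intact:", survives_intact(cmd, REPORT_NAME, SAMPLE_WORKGROUP))
```

A name without shell metacharacters passes through `build_unsafe` unchanged, which is why the defect only shows up with a value such as the one in the report.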