_______________________________________________________________________
Package : epiphany
Date : February 20, 2009
Affected: 2009.0
_______________________________________________________________________
Problem Description:
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current Epiphany working directory
(CVE-2008-5985).
This update provides fix for that vulnerability.
Update:
The previous update package was not built against the correct (latest)
libxulrunner-1.9.0.6 library (fixes #48163)
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-5985
_______________________________________________________________________