Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs

[Jan Lieskovsky <jlieskov () redhat com>]

On 06/25/2012 03:36 PM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> An insecure temporary directory use flaw was found in the way Rhythmbox, an integrated music
> management application based on the powerful GStreamer media framework, performed loading of HTML
> template files, used for rendering of 'Album', 'Lyrics', and 'Artist' tabs. Previously the
> '/tmp/context' directory has been searched as module directory when loading the HTML template files.
> A local attacker could use this flaw to conduct symbolic link attacks (possibly leading to
> attacker's ability to execute arbitrary HTML template file in the context of user running the
> rhythmbox executable).
>
> Upstream bug report:
> [1] https://bugzilla.gnome.org/show_bug.cgi?id=678661
>
> References:
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=835076
>
> Please note the [2] bug has been reported / opened on:
> "Date: Sun, 06 Mar 2011 14:58:46 +0100" yet, so this should
> get a CVE-2011-* identifier. Could you allocate one?

Replying to myself, since I forgot to mention this in the
previous post -- it doesn't look this has get a CVE identifier
previously:
  http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rhythmbox

so please allocate one.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team