Package(s):	dia	CVE #(s):	CVE-2008-5984
Created:	February 17, 2009	Updated:	December 9, 2009
Description:	From the Mandriva advisory: Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory
Alerts:	Mandriva MDVSA-2009:046-1 dia 2009-12-08 Mandriva MDVSA-2009:046 dia 2009-02-20 Mandriva MDVSA-2009:040 dia 2008-02-16

---

to post comments