CVE-2008-5986

NameCVE-2008-5986
DescriptionUntrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs504359

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
csound (PTS)jessie1:6.03.2~dfsg-1fixed
stretch1:6.08.0~dfsg-1fixed
buster1:6.12.2~dfsg-3.1fixed
bullseye1:6.14.0~dfsg-6fixed
bookworm1:6.18.1+dfsg-1fixed
sid, trixie1:6.18.1+dfsg-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
csoundsourceetch(not affected)
csoundsourcelenny1:5.08.0.dfsg2-8+lenny2low504359
csoundsource(unstable)5.08.2~dfsg-1.1low504359

Notes

[etch] - csound <not-affected> (Vulnerable code not present)
Search for package or bug name: Reporting problems