ArchLinux: 201611-13: shutter: arbitrary code execution
Summary
A vulnerability has been discovered in shutter. Using the "Show in folder" menu option while viewing a file with a specially-crafted path allows arbitrary code execution with the permissions of the user running shutter.
Resolution
Upgrade to 0.93.1-3.
# pacman -Syu "shutter>=0.93.1-3"
The problem has been fixed upstream but no release is available yet.
References
https://bugs.archlinux.org/task/50735 https://seclists.org/oss-sec/2015/q3/541 https://access.redhat.com/security/cve/CVE-2015-0854
Workaround
None.