Gentoo Linux Security Advisory GLSA 200904-03 - An untrusted search path vulnerability in Gnumeric might result in the execution of arbitrary code. James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric. Versions less than 1.8.4-r1 are affected.
aafe3eb3416c8f513222884d0b54d766be6401ff0a9b3f7cca8e8cb6bd4245ed
Mandriva Linux Security Advisory 2009-043 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Gnumeric working directory. This update provides fix for that vulnerability.
eb509a7473c00b9d3ba47190b6e5b5374f4c4ab77e7ca8d0e67b1c2e7b85a111