Hi, attached is a patch to fix this issue which I will upload as a 0-day NMU.
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u xchat-2.8.6/debian/changelog xchat-2.8.6/debian/changelog --- xchat-2.8.6/debian/changelog +++ xchat-2.8.6/debian/changelog @@ -1,3 +1,11 @@ +xchat (2.8.6-2.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix insecure search path vulnerability in the python module by + sanitizing sys.path (46_CVE-2009-0315.dpatch; Closes: #513509) + + -- Nico Golde <n...@debian.org> Thu, 05 Feb 2009 19:20:23 +0100 + xchat (2.8.6-2) unstable; urgency=low * debian/patches/45_save_ignore.dpatch: Added. Closes: #463072. diff -u xchat-2.8.6/debian/patches/00list xchat-2.8.6/debian/patches/00list --- xchat-2.8.6/debian/patches/00list +++ xchat-2.8.6/debian/patches/00list @@ -7,0 +8 @@ +46_CVE-2009-0315 only in patch2: unchanged: --- xchat-2.8.6.orig/debian/patches/46_CVE-2009-0315.dpatch +++ xchat-2.8.6/debian/patches/46_CVE-2009-0315.dpatch @@ -0,0 +1,26 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 46_CVE-2009-0315.dpatch by Nico Golde <n...@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +...@dpatch@ +diff -urNad xchat-2.8.6~/plugins/python/python.c xchat-2.8.6/plugins/python/python.c +--- xchat-2.8.6~/plugins/python/python.c 2008-03-29 06:57:35.000000000 +0100 ++++ xchat-2.8.6/plugins/python/python.c 2009-02-05 19:13:02.000000000 +0100 +@@ -1106,6 +1106,7 @@ + } + + PySys_SetArgv(1, argv); ++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)"); + PySys_SetObject("__plugin__", (PyObject *) plugin); + + /* Set stdout and stderr to xchatout. */ +@@ -2110,6 +2111,7 @@ + Py_SetProgramName("xchat"); + Py_Initialize(); + PySys_SetArgv(1, argv); ++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)"); + + Plugin_Type.ob_type = &PyType_Type; + Context_Type.ob_type = &PyType_Type;
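Review bot: the `## DP: No description.` line in the 46_CVE-2009-0315.dpatch header should describe the change, since that is the only in-tree record of why it exists; something like "Drop empty entries from sys.path after PySys_SetArgv so the python plugin does not import modules from the current working directory (CVE-2009-0315)" would do. On the python.c change itself, adding `PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");` immediately after `PySys_SetArgv(1, argv);` in both places (the script loader around line 1106 and the interpreter init around line 2111) is the right spot, because PySys_SetArgv is the call that prepends the argv[0] directory (an empty string, i.e. the current directory) to sys.path. Two caveats worth a comment in the code: `filter(None, ...)` only removes falsy entries, so it sanitises exactly the empty-string case and nothing else; and it relies on Python 2 semantics where `filter` returns a list, so `sys.path = [p for p in sys.path if p]` is the equivalent form that also stays a list on newer interpreters. The return value of PyRun_SimpleString is ignored in both hunks; checking for -1 and logging a failure would avoid silently continuing with an unsanitised path.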