Your message dated Sun, 03 Jan 2010 02:24:18 +0000
with message-id <e1nrg8g-0004iy...@ries.debian.org>
and subject line Bug#560755: fixed in python-docutils 0.5-2+lenny1
has caused the Debian Bug report #560755,
regarding python-docutils: insecure use of temporary files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
560755: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560755
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-docutils
Version: 0.5-2
Severity: grave
Tags: security help
Justification: user security hole

Emacs major mode for reStructuredText (rst.el) uses temporary files
with predictable names in an insecure fashion:

| (defun rst-compile-pdf-preview ()
|   "Convert the document to a PDF file and launch a preview program."
|   (interactive)
|   (let* ((tmp-filename "/tmp/out.pdf")
|          (command (format "%s %s %s && %s %s"
|                           (cadr (assq 'pdf rst-compile-toolsets))
|                           buffer-file-name tmp-filename
|                           rst-pdf-program tmp-filename)))
|     (start-process-shell-command "rst-pdf-preview" nil command)
|     ;; Note: you could also use (compile command) to view the compilation
|     ;; output.
|     ))
[...]
| (defun rst-compile-slides-preview ()
|   "Convert the document to an S5 slide presentation and launch a preview program."
|   (interactive)
|   (let* ((tmp-filename "/tmp/slides.html")
|          (command (format "%s %s %s && %s %s"
|                           (cadr (assq 's5 rst-compile-toolsets))
|                           buffer-file-name tmp-filename
|                           rst-slides-program tmp-filename)))
|     (start-process-shell-command "rst-slides-preview" nil command)
|     ;; Note: you could also use (compile command) to view the compilation
|     ;; output.
|     ))

How to reproduce/exploit this bug
---------------------------------

Attacker:
$ ln -sf /path/to/file/the/attacker/want/to/overwrite /tmp/slides.html

Victim:
$ emacs foo.rst
M-x rst-mode
C-c 5

--
Jakub Wilk


--- End Message ---
--- Begin Message ---
Source: python-docutils
Source-Version: 0.5-2+lenny1

We believe that the bug you reported is fixed in the latest version of
python-docutils, which is due to be installed in the Debian FTP archive:

python-docutils_0.5-2+lenny1.diff.gz
  to main/p/python-docutils/python-docutils_0.5-2+lenny1.diff.gz
python-docutils_0.5-2+lenny1.dsc
  to main/p/python-docutils/python-docutils_0.5-2+lenny1.dsc
python-docutils_0.5-2+lenny1_all.deb
  to main/p/python-docutils/python-docutils_0.5-2+lenny1_all.deb
python-roman_0.5-2+lenny1_all.deb
  to main/p/python-docutils/python-roman_0.5-2+lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 560...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jakub Wilk <uba...@users.sf.net> (supplier of updated python-docutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)



Format: 1.8
Date: Wed, 16 Dec 2009 14:14:14 +0100
Source: python-docutils
Binary: python-docutils python-roman
Architecture: source all
Version: 0.5-2+lenny1
Distribution: stable
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org>
Changed-By: Jakub Wilk <uba...@users.sf.net>
Description: 
 python-docutils - Utilities for the documentation of Python modules
 python-roman - A module for generating/analyzing Roman numerals
Closes: 560755
Changes: 
 python-docutils (0.5-2+lenny1) stable; urgency=high
 .
   * Fix insecure use of temporary files in the Emacs major mode for
     reStructuredText (closes: #560755). Thanks to Kumar Appaiah for helping to
     deal with this bug.




--- End Message ---
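For reference, the shape of a hardened preview function that avoids the predictable-name problem reported above (an added example, not rst.el's own code or the patch shipped in 0.5-2+lenny1). It assumes the `rst-compile-toolsets` and `rst-pdf-program` variables exist as in the quoted report; `rst-compile-pdf-preview-safe` is a hypothetical name.

```elisp
;; Added example, not the rst.el code: a hardened variant of
;; rst-compile-pdf-preview.  Assumes `rst-compile-toolsets' and
;; `rst-pdf-program' as in the bug report above.
(defun rst-compile-pdf-preview-safe ()
  "Convert the document to a PDF in a private temporary file and preview it."
  (interactive)
  (unless buffer-file-name
    (user-error "Buffer is not visiting a file"))
  ;; `make-temp-file' creates the file itself, exclusively and mode 0600,
  ;; with an unpredictable name under `temporary-file-directory'.  A file or
  ;; symlink pre-placed at a fixed path such as "/tmp/out.pdf" is therefore
  ;; never followed or overwritten by the conversion step.
  (let* ((tmp-filename (make-temp-file "rst-pdf-" nil ".pdf"))
         ;; Quote every argument: the original interpolated the buffer's
         ;; file name into a shell command line unquoted.
         (command (format "%s %s %s && %s %s"
                          (cadr (assq 'pdf rst-compile-toolsets))
                          (shell-quote-argument buffer-file-name)
                          (shell-quote-argument tmp-filename)
                          rst-pdf-program
                          (shell-quote-argument tmp-filename)))
         (proc (start-process-shell-command "rst-pdf-preview" nil command)))
    ;; Remember the temp file on the process object (works without
    ;; lexical-binding) and delete it once the viewer exits, so the
    ;; rendered document does not linger in the shared temp directory.
    (process-put proc 'rst-tmp-file tmp-filename)
    (set-process-sentinel
     proc
     (lambda (p event)
       (when (string-match-p "finished\\|exited\\|signal" event)
         (ignore-errors (delete-file (process-get p 'rst-tmp-file))))))
    proc))
```

The same pattern (exclusive temp-file creation plus `shell-quote-argument`) applies to the S5 slides variant, with a ".html" suffix.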
