found 605178 1:3.2.1-7 found 605178 1:2.4.1+dfsg-1+lenny8 severity 605178 minor thanks
On Sat, Nov 27, 2010 at 10:45:58PM +0000, Sandro Tosi wrote: > Version: 1:3.3.0~beta2-2 If the log says 2.4.1 and 3.2.1, too, why did you file it only against 1:3.3.0~beta2-2? :) > Severity: important Well, it's a demo and it's a *tcsh* script.... I'd call it minor... > Tags: security See above. > Your package turns out to ship vulnerable examples or contains > insecure advices: you can find a complete log at [2]. It's the second... > [2] http://people.debian.org/~morph/mbf/pythonpath.txt If the log says 2.4.1 and 3.2.1, too, why did you file it only against 1:3.3.0~beta2-2? :) > Some guidelines on how to fix these bugs: in the case given above, you > can use something like > > PYTHONPATH=/spam/eggs${PYTHONPATH:+:$PYTHONPATH} > > (If you don't known this construct, grep for "Use Alternative Value" > in the bash/dash manpage.) What is the tcsh equivalent? (BTW, the offending line is probably setenv PYTHONPATH .:$OOOHOME/program:$OOOHOME/program/pydemo:$OOOHOME/program/python/lib:$PYTHONPATH which is basically noop, as there's no internal python copy in our builds, and /pydemo doesn't exist either, same as python scripts in $OOOHOME/program and especially since OOHOME is set as "setenv OOOHOME /src4/OpenOffice.org1.1Beta2" :) Grüße/Regards, René -- .''`. René Engelhard -- Debian GNU/Linux Developer : :' : http://www.debian.org | http://people.debian.org/~rene/ `. `' r...@debian.org | GnuPG-Key ID: D03E3E70 `- Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70 -- To UNSUBSCRIBE, email to debian-openoffice-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101127232947.gx24...@rene-engelhard.de
