> please also fix:
>
> diff -Nru reportbug-3.40/checks/compare_pseudo-pkgs_lists.py
> reportbug-3.40+nmu1/checks/compare_pseudo-pkgs_lists.py
> --- reportbug-3.40/checks/compare_pseudo-pkgs_lists.py 2008-05-22
> 03:21:42.0 +0200
> +++ reportbug-3.40+nmu1/checks/compare_pseudo-pkgs_lists.
Hi,
please also fix:
diff -Nru reportbug-3.40/checks/compare_pseudo-pkgs_lists.py
reportbug-3.40+nmu1/checks/compare_pseudo-pkgs_lists.py
--- reportbug-3.40/checks/compare_pseudo-pkgs_lists.py 2008-05-22
03:21:42.0 +0200
+++ reportbug-3.40+nmu1/checks/compare_pseudo-pkgs_lists.py 20
Hi Thijs,
* Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-06-04 14:14]:
> On Wed, June 4, 2008 13:14, Nico Golde wrote:
> > I agree that it is of a low impact but I disagree that this
> > is not a security issue, people are using reportbug in /tmp and I don't see
> > a reason to assume people are not d
Per my vac message if you guys can put together a quick release in the
next day or so that would be great. It will otherwise be Tuesday at
the earliest. Chris.
On 6/4/08, Thijs Kinkhorst <[EMAIL PROTECTED]> wrote:
> On Wed, June 4, 2008 14:27, Thomas Arendsen Hein wrote:
>> I encountered this bug
On Wed, June 4, 2008 14:27, Thomas Arendsen Hein wrote:
> I encountered this bug in the real world: I extracted a tarball
> which contained a file named token.py, then I wanted to report a problem
> and therefore started reportbug.
>
> This tarball did not contain harmful code, but as I did not ver
* Thijs Kinkhorst <[EMAIL PROTECTED]> [20080604 14:13]:
> On Wed, June 4, 2008 13:14, Nico Golde wrote:
> > I agree that it is of a low impact but I disagree that this
> > is not a security issue, people are using reportbug in /tmp and I don't see
> > a reason to assume people are not doing that.
>
On Wed, June 4, 2008 13:14, Nico Golde wrote:
> I agree that it is of a low impact but I disagree that this
> is not a security issue, people are using reportbug in /tmp and I don't see
> a reason to assume people are not doing that.
The chance of successful exploitation still seems very small, and
# Bcc: control
tags 484311 + patch
thanks
On 08/06/04 16:51 +0530, Y Giridhar Appaji Nag said ...
> Chris, can you confirm that this is case? We can remove os.curdir or add it
> as the last entry in sys.path.
>
> As an aside, I noticed that /usr/share/reportbug is added to sys.path once
> again
Hi all,
>> > sys.path = [os.curdir, '/usr/share/reportbug'] + sys.path
>> >
>> > To "exploit":
>> > $ echo 'raise "FOO"' > token.py
>> > $ reportbug
>>
>> Can you explain how this is a practical user security hole? Your exploit
>> shows how to "exploit yourself", but it seems very unlikely to me t
On 08/06/03 18:26 +0200, Thomas Arendsen Hein said ...
> sys.path = [os.curdir, '/usr/share/reportbug'] + sys.path
It looks like os.curdir has been added to sys.path only for temporary
debugging purposes (code modified in local directory and wanting to test it
without installing reportbug).
Chris
Hi Thijs,
* Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-06-04 12:52]:
> On Tue, June 3, 2008 18:26, Thomas Arendsen Hein wrote:
> > Package: reportbug
> > Version: 3.31
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> >
> > sys.path = [os.curdir, '/usr/share/reportbu
Hi,
On Tue, June 3, 2008 18:26, Thomas Arendsen Hein wrote:
> Package: reportbug
> Version: 3.31
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> sys.path = [os.curdir, '/usr/share/reportbug'] + sys.path
>
> To "exploit":
> $ echo 'raise "FOO"' > token.py
> $ reportbug
Hi Thomas,
* Thomas Arendsen Hein <[EMAIL PROTECTED]> [2008-06-03 18:51]:
[...]
> sys.path = [os.curdir, '/usr/share/reportbug'] + sys.path
>
> To "exploit":
[...]
Please use CVE-2008-2230 if you fix this bug and reference
this CVE id in the changelog when closing the bug.
Cheers
Nico
--
Nico
Package: reportbug
Version: 3.31
Severity: grave
Tags: security
Justification: user security hole
sys.path = [os.curdir, '/usr/share/reportbug'] + sys.path
To "exploit":
$ echo 'raise "FOO"' > token.py
$ reportbug
Traceback (most recent call last):
File "/usr/bin/reportbug", line 39, in ?