Bug#605157: calendarserver: Use of PYTHONPATH env var in an insecure way

2010-12-10 Thread Jakub Wilk
* Dmitrijs Ledkovs, 2010-12-10, 01:25: I have tested this by running calendarserver with & without new patch and I can add/retrieve calendar events over the network using thunderbird-lightning. The new patch looks good. I'll upload Dmitrijs' NMU shortly (with s/urgency=low/urgency=high/).

Bug#605157: calendarserver: Use of PYTHONPATH env var in an insecure way

2010-12-09 Thread Dmitrijs Ledkovs
tags 605157 + patch thanks Jakub Wilk writes: > tags 605157 - patch > thanks > > * Dmitrijs Ledkovs, 2010-12-03, 22:37: >>With my patch applied the resulting /usr/bin/caldavd has: >> >>PYTHONPATH="/usr/lib/twisted-calendarserver/lib/python2.6/site-packages/:+:$PYTHONPATH" > > So if PYTHONPATH w

Bug#605157: calendarserver: Use of PYTHONPATH env var in an insecure way

2010-12-08 Thread Jakub Wilk
tags 605157 - patch thanks * Dmitrijs Ledkovs, 2010-12-03, 22:37: With my patch applied the resulting /usr/bin/caldavd has: PYTHONPATH="/usr/lib/twisted-calendarserver/lib/python2.6/site-packages/:+:$PYTHONPATH" So if PYTHONPATH was originally empty or unset, this expands to: PYTHONPATH=/usr

Bug#605157: calendarserver: Use of PYTHONPATH env var in an insecure way

2010-12-08 Thread Moritz Muehlenhoff
On Fri, Dec 03, 2010 at 09:45:04PM +, Dmitrijs Ledkovs wrote: > tags 605157 patch > thanks > > Dear maintainer, > > I've prepared an NMU for calendarserver (versioned as 2.4.dfsg-2.1). I > will seek sponsorship to upload for delayed queue. If anyone is sponsoring a fixed package, please upl

Bug#605157: calendarserver: Use of PYTHONPATH env var in an insecure way

2010-12-03 Thread Dmitrijs Ledkovs
Jakub Wilk writes: > Hi Dmitrijs, > >>+@@ -145,7 +145,7 @@ >>+ line = line.rstrip("\n") >>+ if fileType == "sh": >>+ if line == "#PYTHONPATH": >>+-script.append('PYTHONPATH="%s:$PYTHONPATH"' % >>(install_lib,)) >>++s

Bug#605157: calendarserver: Use of PYTHONPATH env var in an insecure way

2010-12-03 Thread Jakub Wilk
Hi Dmitrijs, +@@ -145,7 +145,7 @@ + line = line.rstrip("\n") + if fileType == "sh": + if line == "#PYTHONPATH": +-script.append('PYTHONPATH="%s:$PYTHONPATH"' % (install_lib,)) ++script.append('PYTHONPATH="%s:+:$PYTH
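Review bot: the added `script.append` line under `if line == "#PYTHONPATH":` writes `:+:` as literal text inside the double-quoted assignment, so the generated script still appends `$PYTHONPATH` unconditionally. When the variable is empty or unset, the value ends in an empty path component after the install directory, plus a stray `+` entry, and Python resolves an empty component to the current working directory. If the conditional form was intended, the braces of the shell parameter expansion are needed, for example `PYTHONPATH="%s${PYTHONPATH:+:$PYTHONPATH}"`, so that the separator and the old value are only emitted when `PYTHONPATH` is already set and non-empty.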

Bug#605157: calendarserver: Use of PYTHONPATH env var in an insecure way

2010-12-03 Thread Dmitrijs Ledkovs
tags 605157 patch thanks Dear maintainer, I've prepared an NMU for calendarserver (versioned as 2.4.dfsg-2.1). I will seek sponsorship to upload for delayed queue. === modified file 'debian/changelog' --- a/debian/changelog 2010-08-25 15:23:37 +