r19408 - in /packages/experimental/nautilus-python/debian: changelog patches/50_CVE-2009-0317.patch
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Tue Apr 7 13:47:20 UTC 2009
Author: joss
Date: Tue Apr 7 13:47:20 2009
New Revision: 19408
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=19408
Log:
50_CVE-2009-0317.patch: fix CVE-2009-0317: untrusted search path
vulnerability. Closes: #513419
Added:
packages/experimental/nautilus-python/debian/patches/50_CVE-2009-0317.patch
Modified:
packages/experimental/nautilus-python/debian/changelog
Modified: packages/experimental/nautilus-python/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/experimental/nautilus-python/debian/changelog?rev=19408&op=diff
==============================================================================
--- packages/experimental/nautilus-python/debian/changelog (original)
+++ packages/experimental/nautilus-python/debian/changelog Tue Apr 7 13:47:20 2009
@@ -8,6 +8,10 @@
[ Emilio Pozuelo Monfort ]
* Change section back to python, override has been fixed.
* Do not duplicate the section in the binary package stanza.
+
+ [ Josselin Mouette ]
+ * 50_CVE-2009-0317.patch: fix CVE-2009-0317: untrusted search path
+ vulnerability. Closes: #513419
-- Loic Minier <lool at dooz.org> Mon, 21 Apr 2008 13:59:59 +0200
Added: packages/experimental/nautilus-python/debian/patches/50_CVE-2009-0317.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/experimental/nautilus-python/debian/patches/50_CVE-2009-0317.patch?rev=19408&op=file
==============================================================================
--- packages/experimental/nautilus-python/debian/patches/50_CVE-2009-0317.patch (added)
+++ packages/experimental/nautilus-python/debian/patches/50_CVE-2009-0317.patch Tue Apr 7 13:47:20 2009
@@ -1,0 +1,10 @@
+--- src/nautilus-python.c.orig 2008-01-11 12:26:55.000000000 +0100
++++ src/nautilus-python.c 2009-04-07 15:45:17.955951735 +0200
+@@ -218,6 +218,7 @@
+
+ debug("PySys_SetArgv");
+ PySys_SetArgv(1, argv);
++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+ if (PyErr_Occurred()) {
+ PyErr_Print();
+ return FALSE;
More information about the pkg-gnome-commits
mailing list