[shutter] 01/01: Import Debian changes 0.88.3-1+deb7u1

ChangZhuo Chen czchen at moszumanska.debian.org
Wed Jun 21 09:35:26 UTC 2017 

This is an automated email from the git hooks/post-receive script.

czchen pushed a commit to branch debian/wheezy
in repository shutter.

commit 08f78e88cd18569bd40b878dc3b313fbdf972add
Author: Christoph Biedl <debian.axhn at manchmal.in-ulm.de>
Date:   Wed Dec 21 00:10:17 2016 +0100

    Import Debian changes 0.88.3-1+deb7u1
    
    shutter (0.88.3-1+deb7u1) wheezy-security; urgency=high
    
      * Fix insecure usage of system(). Closes: #798862 [CVE-2015-0854]
---
 debian/changelog                   |  6 ++++++
 debian/patches/CVE-2015-0854.patch | 18 ++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 25 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 0257c81..7baccd5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+shutter (0.88.3-1+deb7u1) wheezy-security; urgency=high
+
+  * Fix insecure usage of system(). Closes: #798862 [CVE-2015-0854]
+
+ -- Christoph Biedl <debian.axhn at manchmal.in-ulm.de>  Wed, 21 Dec 2016 00:10:17 +0100
+
 shutter (0.88.3-1) unstable; urgency=low
 
   * New upstream bugfix release
diff --git a/debian/patches/CVE-2015-0854.patch b/debian/patches/CVE-2015-0854.patch
new file mode 100644
index 0000000..69c61da
--- /dev/null
+++ b/debian/patches/CVE-2015-0854.patch
@@ -0,0 +1,18 @@
+Description: Fix insecure use of system()
+Author: Luke Faraone <lfaraone at debian.org>
+ID: CVE-2015-0854
+Bug: https://bugs.launchpad.net/shutter/+bug/1495163
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798862
+
+--- a/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm
++++ b/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm
+@@ -53,7 +53,8 @@
+ 
+ sub xdg_open {
+ 	my ( $self, $dialog, $link, $user_data ) = @_;
+-	system("xdg-open $link");
++	my @args = ("xdg-open", $link);
++	system(@args);
+ 	if($?){
+ 		my $response = $self->{_dialogs}->dlg_error_message( 
+ 			sprintf( $self->{_d}->get("Error while executing %s."), "'xdg-open'"),
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..7a8d251
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2015-0854.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/shutter.git

More information about the Pkg-perl-cvs-commits mailing list