[shutter] 61/73: Fix insecure use of system() (Closes: #798862, LP: #1495163).

ChangZhuo Chen czchen at moszumanska.debian.org
Thu Mar 2 01:29:14 UTC 2017 

This is an automated email from the git hooks/post-receive script.

czchen pushed a commit to branch master
in repository shutter.

commit 15640fe3587e419691c3cd3a93e563eeb3fbcc61
Author: Andrew Starr-Bochicchio <a.starr.b at gmail.com>
Date:   Thu Nov 5 21:46:52 2015 -0500

    Fix insecure use of system() (Closes: #798862, LP: #1495163).
---
 debian/changelog                            |  1 +
 debian/patches/insecure_use_of_system.patch | 19 +++++++++++++++++++
 debian/patches/series                       |  1 +
 3 files changed, 21 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 40fa263..cb917f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 shutter (0.93.1-1) UNRELEASED; urgency=medium
 
   * New upstream release.
+  * Fix insecure use of system() (Closes: #798862, LP: #1495163).
 
  -- Andrew Starr-Bochicchio <asb at debian.org>  Thu, 05 Nov 2015 20:24:06 -0500
 
diff --git a/debian/patches/insecure_use_of_system.patch b/debian/patches/insecure_use_of_system.patch
new file mode 100644
index 0000000..e71a44f
--- /dev/null
+++ b/debian/patches/insecure_use_of_system.patch
@@ -0,0 +1,19 @@
+Description: Fix insecure use of system()
+Author: Luke Faraone <lfaraone at debian.org>
+Bug: https://bugs.launchpad.net/shutter/+bug/1495163
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798862
+
+Index: shutter/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm
+===================================================================
+--- shutter.orig/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm	2015-11-05 21:34:34.222313258 -0500
++++ shutter/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm	2015-11-05 21:35:37.299461116 -0500
+@@ -53,7 +53,8 @@
+ 
+ sub xdg_open {
+ 	my ( $self, $dialog, $link, $user_data ) = @_;
+-	system("xdg-open $link");
++	my @args = ("xdg-open", $link);
++	system(@args);
+ 	if($?){
+ 		my $response = $self->{_dialogs}->dlg_error_message( 
+ 			sprintf( $self->{_d}->get("Error while executing %s."), "'xdg-open'"),
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..3c3a073
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+insecure_use_of_system.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/shutter.git

More information about the Pkg-perl-cvs-commits mailing list