[shutter] 02/05: add patch to fix CVE-2016-10081 (Closes: #849777)

gregor herrmann gregoa at debian.org
Sat May 20 20:40:17 UTC 2017



gregoa pushed a commit to branch jessie
in repository shutter.

commit 87f106dd4f0049cf7c1b4f77929d059b229a90a9
Author: Dominique Dumont <dod at debian.org>
Date:   Fri Jan 6 21:06:08 2017 +0100

    add patch to fix CVE-2016-10081 (Closes: #849777)
---
 debian/patches/CVE-2016-10081.patch | 42 +++++++++++++++++++++++++++++++++++++
 debian/patches/series               |  1 +
 2 files changed, 43 insertions(+)

diff --git a/debian/patches/CVE-2016-10081.patch b/debian/patches/CVE-2016-10081.patch
new file mode 100644
index 0000000..5fef9a2
--- /dev/null
+++ b/debian/patches/CVE-2016-10081.patch
@@ -0,0 +1,42 @@
+Bug: https://bugs.launchpad.net/shutter/+bug/1652600
+Bug-Debian: https://bugs.debian.org/849777
+Author: Christoph Biedl <debian.axhn at manchmal.in-ulm.de>
+Description: fix insecure use of perl exec()
+ The patch attached uses the multi-argument invocation and also changes
+ it in the code path for non-Perl plugins.
+--- a/bin/shutter
++++ b/bin/shutter
+@@ -7164,8 +7164,13 @@
+             elsif ( $pid == 0 ) {
+ 
+                 #see Bug #661424
+-                my $qfilename = quotemeta $session_screens{$key}->{'long'};
+-                exec( sprintf( "$^X $plugin_value %d $qfilename $session_screens{$key}->{'width'} $session_screens{$key}->{'height'} $session_screens{$key}->{'filetype'}\n", $socket->get_id ) );
++                #my $qfilename = quotemeta $session_screens{$key}->{'long'};
++                exec( $^X, $plugin_value,
++                    $socket->get_id,
++                    $session_screens{$key}->{'long'},
++                    $session_screens{$key}->{'width'},
++                    $session_screens{$key}->{'height'},
++                    $session_screens{$key}->{'filetype'} );
+             }
+ 
+             $sdialog->show_all;
+@@ -7198,11 +7203,15 @@
+             my $plugin_process = Proc::Simple->new;
+ 
+             #see Bug #661424
+-            my $qfilename = quotemeta $session_screens{$key}->{'long'};
++            #my $qfilename = quotemeta $session_screens{$key}->{'long'};
+ 
+             $plugin_process->start(
+                 sub {
+-                    system("'$plugin_value' $qfilename '$session_screens{$key}->{'width'}' '$session_screens{$key}->{'height'}' '$session_screens{$key}->{'filetype'}' ");
++                    system( $plugin_value,
++                        $session_screens{$key}->{'long'},
++                        $session_screens{$key}->{'width'},
++                        $session_screens{$key}->{'height'},
++                        $session_screens{$key}->{'filetype'} );
+                     POSIX::_exit(0);
+                 }
+             );
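Review bot: The list-form `exec` on the new side of the first inner hunk still has no failure path: if `$plugin_value` cannot be executed, `exec` returns false and the forked child appears to fall out of the `elsif ( $pid == 0 )` branch into the parent's GTK code (`$sdialog->show_all` follows immediately), so a failed plugin launch leaves a second copy of the application running; append `or POSIX::_exit(1)` to the call, since `POSIX::_exit` is already used in the second inner hunk. The same gap applies to the `system` call in the second inner hunk, whose return value is discarded before `POSIX::_exit(0)`, so a plugin that fails to start is indistinguishable from one that ran; `system( ... ) == 0 or warn "plugin $plugin_value failed: $?";` would surface it. The commented-out `#my $qfilename = quotemeta ...` lines kept in both hunks are dead code — the `quotemeta` workaround is exactly what the list form makes unnecessary, so delete them rather than retain them as comments. The enclosing `elsif` branch and the `$plugin_process->start` closure both continue outside the hunks.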
diff --git a/debian/patches/series b/debian/patches/series
index 7a8d251..1eb7d84 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 CVE-2015-0854.patch
+CVE-2016-10081.patch



