[Pkg-xen-changes] r461 - in branches/etch/xen-3.0/debian: . patches

Bastian Blank waldi at alioth.debian.org
Thu Oct 4 06:58:18 UTC 2007


Author: waldi
Date: Thu Oct  4 06:58:18 2007
New Revision: 461

Log:
* debian/changelog: Update.
* debian/patches/00list: Update.
* debian/patches/CVE-2007-4993.dpatch: Add.


Added:
   branches/etch/xen-3.0/debian/patches/CVE-2007-4993.dpatch   (contents, props changed)
Modified:
   branches/etch/xen-3.0/debian/changelog
   branches/etch/xen-3.0/debian/patches/00list

Modified: branches/etch/xen-3.0/debian/changelog
==============================================================================
--- branches/etch/xen-3.0/debian/changelog	(original)
+++ branches/etch/xen-3.0/debian/changelog	Thu Oct  4 06:58:18 2007
@@ -1,8 +1,10 @@
 xen-3.0 (3.0.3-0-3) UNRELEASED; urgency=low
 
   * Use linux-support-2.6.18-5.
+  * Don't use exec with untrusted values in pygrub. (closes: #444430)
+    See CVE-2007-4993.
 
- -- Bastian Blank <waldi at debian.org>  Thu, 04 Oct 2007 08:52:53 +0200
+ -- Bastian Blank <waldi at debian.org>  Thu, 04 Oct 2007 08:56:22 +0200
 
 xen-3.0 (3.0.3-0-2) unstable; urgency=medium
 

Modified: branches/etch/xen-3.0/debian/patches/00list
==============================================================================
--- branches/etch/xen-3.0/debian/patches/00list	(original)
+++ branches/etch/xen-3.0/debian/patches/00list	Thu Oct  4 06:58:18 2007
@@ -8,3 +8,4 @@
 blktap-disable
 path-relative
 not-reinvent-udev
+CVE-2007-4993

Added: branches/etch/xen-3.0/debian/patches/CVE-2007-4993.dpatch
==============================================================================
--- (empty file)
+++ branches/etch/xen-3.0/debian/patches/CVE-2007-4993.dpatch	Thu Oct  4 06:58:18 2007
@@ -0,0 +1,69 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+ at DPATCH@
+diff -r 55c45361bbe3 -r 70bb28b62ffb tools/pygrub/src/GrubConf.py
+--- a/tools/pygrub/src/GrubConf.py	Tue Sep 25 09:30:00 2007 +0100
++++ b/tools/pygrub/src/GrubConf.py	Tue Sep 25 09:34:36 2007 +0100
+@@ -101,7 +101,7 @@ class GrubImage(object):
+ 
+         if self.commands.has_key(com):
+             if self.commands[com] is not None:
+-                exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++                setattr(self, self.commands[com], arg.strip())
+             else:
+                 logging.info("Ignored image directive %s" %(com,))
+         else:
+@@ -142,11 +142,11 @@ class GrubImage(object):
+     initrd = property(get_initrd, set_initrd)
+ 
+     # set up command handlers
+-    commands = { "title": "self.title",
+-                 "root": "self.root",
+-                 "rootnoverify": "self.root",
+-                 "kernel": "self.kernel",
+-                 "initrd": "self.initrd",
++    commands = { "title": "title",
++                 "root": "root",
++                 "rootnoverify": "root",
++                 "kernel": "kernel",
++                 "initrd": "initrd",
+                  "chainloader": None,
+                  "module": None}
+         
+@@ -195,7 +195,7 @@ class GrubConfigFile(object):
+             (com, arg) = grub_exact_split(l, 2)
+             if self.commands.has_key(com):
+                 if self.commands[com] is not None:
+-                    exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++                    setattr(self, self.commands[com], arg.strip())
+                 else:
+                     logging.info("Ignored directive %s" %(com,))
+             else:
+@@ -208,7 +208,7 @@ class GrubConfigFile(object):
+         (com, arg) = grub_exact_split(line, 2)
+         if self.commands.has_key(com):
+             if self.commands[com] is not None:
+-                exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++                setattr(self, self.commands[com], arg.strip())
+             else:
+                 logging.info("Ignored directive %s" %(com,))
+         else:
+@@ -236,12 +236,12 @@ class GrubConfigFile(object):
+     splash = property(get_splash, set_splash)
+ 
+     # set up command handlers
+-    commands = { "default": "self.default",
+-                 "timeout": "self.timeout",
+-                 "fallback": "self.fallback",
+-                 "hiddenmenu": "self.hiddenmenu",
+-                 "splashimage": "self.splash",
+-                 "password": "self.password" }
++    commands = { "default": "default",
++                 "timeout": "timeout",
++                 "fallback": "fallback",
++                 "hiddenmenu": "hiddenmenu",
++                 "splashimage": "splash",
++                 "password": "password" }
+     for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
+               "pager", "partnew", "parttype", "rarp", "serial",
+               "setkey", "terminal", "terminfo", "tftpserver", "unhide"):
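Review bot: The three new `setattr(self, self.commands[com], arg.strip())` sites carry no comment saying why this is safe where the old `exec("%s = r\"%s\"" ...)` was not: the attribute name is taken from the fixed `commands` table and the guest-controlled value from grub.conf is only ever passed as data, so a value containing `"` or a newline can no longer close the string literal and run as Python. I would add `# attribute name comes from the commands whitelist; the untrusted grub.conf value is stored as data, never executed (CVE-2007-4993)` above each call so the next maintainer does not reintroduce string-built code. The dpatch itself also has no description line; `## DP: pygrub: stop exec()ing guest-supplied grub.conf values, use setattr() (CVE-2007-4993)` after the shebang is the usual dpatch convention and would tell a reader what the patch is for without opening the changelog. Whether any other exec/eval on guest-supplied data remains elsewhere in pygrub cannot be judged from this hunk. The final `for c in (...)` loop continues past the end of the last inner hunk.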


