[Reportbug-commits] [reportbug] 01/02: Acknowledge NMU (thanks for that!); Closes: #757190

Sandro Tosi morph at moszumanska.debian.org
Fri Sep 5 06:52:25 UTC 2014


This is an automated email from the git hooks/post-receive script.

morph pushed a commit to branch master
in repository reportbug.

commit dd6aa26ef5d5fe4dddf12ea52caacfbfd862b6ed
Author: Sandro Tosi <morph at debian.org>
Date:   Thu Sep 4 23:04:49 2014 +0100

    Acknowledge NMU (thanks for that!); Closes: #757190
---
 debian/changelog           | 13 ++++++++++++-
 reportbug/checkversions.py |  9 ++-------
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index c0e7fe6..5f7a371 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,8 +14,19 @@ reportbug (6.5.1) UNRELEASED; urgency=medium
   * reportbug/ui/gtk2_ui.py
     - set monospace font when entering the bug body; thanks to Bob Bib for the
       report; Closes: #700032
+  * Acknowledge NMU (thanks for that!); Closes: #757190
 
- -- Sandro Tosi <morph at debian.org>  Sat, 24 May 2014 01:33:27 +0200
+ -- Sandro Tosi <morph at debian.org>  Thu, 04 Sep 2014 23:03:41 +0100
+
+reportbug (6.5.0+nmu1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2014-0479: Arbitrary code execution in compare_versions.
+    A man-in-the-middle attacker could put shell metacharacters in the
+    version number, causing execution of code of their choice.
+    Thanks to Jakub Wilk <jwilk at debian.org>
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Sun, 03 Aug 2014 16:03:15 +0200
 
 reportbug (6.5.0) unstable; urgency=low
 
diff --git a/reportbug/checkversions.py b/reportbug/checkversions.py
index 0f3cae7..3756464 100644
--- a/reportbug/checkversions.py
+++ b/reportbug/checkversions.py
@@ -37,6 +37,7 @@ from reportbug.exceptions import (
 
 # needed to parse new.822
 from debian.deb822 import Deb822
+from debian import debian_support
 
 RMADISON_URL = 'http://qa.debian.org/madison.php?package=%s&text=on'
 INCOMING_URL = 'http://incoming.debian.org/'
@@ -87,13 +88,7 @@ def compare_versions(current, upstream):
     """Return 1 if upstream is newer than current, -1 if current is
     newer than upstream, and 0 if the same."""
     if not current or not upstream: return 0
-    rc = os.system('dpkg --compare-versions %s lt %s' % (current, upstream))
-    rc2 = os.system('dpkg --compare-versions %s gt %s' % (current, upstream))
-    if not rc:
-        return 1
-    elif not rc2:
-        return -1
-    return 0
+    return debian_support.version_compare(upstream, current)
 
 def later_version(a, b):
     if compare_versions(a, b) > 0:
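Review bot: the new body of compare_versions drops the fallback the old code had for input that dpkg rejected. When both os.system calls returned non-zero, the old function fell through to `return 0`; `return debian_support.version_compare(upstream, current)` instead passes any error raised on a malformed version string straight to the caller. The changelog entry in this same commit says the version number can be controlled by a man-in-the-middle, so malformed values are an expected input here. Consider catching the parse failure and returning 0, or confirming that every caller handles the exception. The docstring also still promises exactly 1, -1 or 0, so either check that version_compare returns normalized values rather than any positive or negative integer, or reword the docstring. The visible caller later_version only tests `> 0`, which works either way.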

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reportbug/reportbug.git


