[Reportbug-commits] [reportbug] 01/02: Acknowledge NMU (thanks for that!); Closes: #757190
Sandro Tosi
morph at moszumanska.debian.org
Fri Sep 5 06:52:25 UTC 2014
This is an automated email from the git hooks/post-receive script.
morph pushed a commit to branch master
in repository reportbug.
commit dd6aa26ef5d5fe4dddf12ea52caacfbfd862b6ed
Author: Sandro Tosi <morph at debian.org>
Date: Thu Sep 4 23:04:49 2014 +0100
Acknowledge NMU (thanks for that!); Closes: #757190
---
debian/changelog | 13 ++++++++++++-
reportbug/checkversions.py | 9 ++-------
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index c0e7fe6..5f7a371 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,8 +14,19 @@ reportbug (6.5.1) UNRELEASED; urgency=medium
* reportbug/ui/gtk2_ui.py
- set monospace font when entering the bug body; thanks to Bob Bib for the
report; Closes: #700032
+ * Acknowledge NMU (thanks for that!); Closes: #757190
- -- Sandro Tosi <morph at debian.org> Sat, 24 May 2014 01:33:27 +0200
+ -- Sandro Tosi <morph at debian.org> Thu, 04 Sep 2014 23:03:41 +0100
+
+reportbug (6.5.0+nmu1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * CVE-2014-0479: Arbitrary code execution in compare_versions.
+ A man-in-the-middle attacker could put shell metacharacters in the
+ version number, causing execution of code of their choice.
+ Thanks to Jakub Wilk <jwilk at debian.org>
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Sun, 03 Aug 2014 16:03:15 +0200
reportbug (6.5.0) unstable; urgency=low
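Review bot: the new 6.5.1 item `* Acknowledge NMU (thanks for that!); Closes: #757190` does not record that this same commit rewrites compare_versions in reportbug/checkversions.py. The other items in this stanza name the file and then the change, so a `* reportbug/checkversions.py` item stating that the os.system call to dpkg was replaced by debian_support.version_compare would let the changelog show how 6.5.1 itself handles CVE-2014-0479, rather than only pointing at the 6.5.0+nmu1 entry.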
diff --git a/reportbug/checkversions.py b/reportbug/checkversions.py
index 0f3cae7..3756464 100644
--- a/reportbug/checkversions.py
+++ b/reportbug/checkversions.py
@@ -37,6 +37,7 @@ from reportbug.exceptions import (
# needed to parse new.822
from debian.deb822 import Deb822
+from debian import debian_support
RMADISON_URL = 'http://qa.debian.org/madison.php?package=%s&text=on'
INCOMING_URL = 'http://incoming.debian.org/'
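Review bot: the added `from debian import debian_support` sits directly under the comment `# needed to parse new.822`, which describes Deb822 and not debian_support. Give the new import its own comment (for example, that compare_versions uses it) or set it apart from that comment, so the existing comment does not read as covering both imports.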
@@ -87,13 +88,7 @@ def compare_versions(current, upstream):
"""Return 1 if upstream is newer than current, -1 if current is
newer than upstream, and 0 if the same."""
if not current or not upstream: return 0
- rc = os.system('dpkg --compare-versions %s lt %s' % (current, upstream))
- rc2 = os.system('dpkg --compare-versions %s gt %s' % (current, upstream))
- if not rc:
- return 1
- elif not rc2:
- return -1
- return 0
+ return debian_support.version_compare(upstream, current)
def later_version(a, b):
if compare_versions(a, b) > 0:
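Review bot: the docstring of compare_versions still promises exactly 1, -1 or 0, but the new `return debian_support.version_compare(upstream, current)` passes the library's result straight through, and nothing in this hunk shows that the result is limited to those three values or that the call cannot raise on a malformed version string. The removed code fell through to `return 0` when both dpkg calls failed, and the changelog says the version can be supplied by a man-in-the-middle, so consider catching a parse error and returning 0, and either normalising the result to its sign or changing the docstring to say negative, zero or positive. later_version only tests `> 0`, so it works either way.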
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reportbug/reportbug.git