Your message dated Tue, 18 Feb 2014 19:18:45 +0000 with message-id <[email protected]> and subject line Bug#737051: fixed in logilab-common 0.61.0-1 has caused the Debian Bug report #737051, regarding python-logilab-common: insecure use of /tmp (CVE-2014-1838 CVE-2014-1839) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
737051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-logilab-common
Version: 0.60.1-1
Severity: important
Tags: security

I saw these gems in logilab/common/pdf_ext.py:

    def extract_keys_from_pdf(filename):
        # what about using 'pdftk filename dump_data_fields' and parsing the output ?
        os.system('pdftk %s generate_fdf output /tmp/toto.fdf' % filename)
        lines = file('/tmp/toto.fdf').readlines()
        return extract_keys(lines)

    def fill_pdf(infile, outfile, fields):
        write_fields(file('/tmp/toto.fdf', 'w'), fields)
        os.system('pdftk %s fill_form /tmp/toto.fdf output %s flatten' % (infile, outfile))

-- 
Jakub Wilk
--- End Message ---
--- Begin Message ---
Source: logilab-common
Source-Version: 0.61.0-1

We believe that the bug you reported is fixed in the latest version of logilab-common, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi <[email protected]> (supplier of updated logilab-common package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Tue, 18 Feb 2014 20:03:39 +0100
Source: logilab-common
Binary: python-logilab-common python3-logilab-common
Architecture: source all
Version: 0.61.0-1
Distribution: unstable
Urgency: medium
Maintainer: Sandro Tosi <[email protected]>
Changed-By: Sandro Tosi <[email protected]>
Description:
 python-logilab-common - useful miscellaneous modules used by Logilab projects
 python3-logilab-common - useful miscellaneous modules used by Logilab projects (Python3)
Closes: 737051
Changes:
 logilab-common (0.61.0-1) unstable; urgency=medium
 .
   * New upstream release
     - fix insecure use of /tmp, thanks to Jakub Wilk for the report;
       Closes: #737051
   * Switch to dh_python2
   * debian/control
     - switch me to Maintainer (team to Uploaders)
   * debian/copyright
     - switch to DEP-5 format
--- End Message ---
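
Added example, not part of the original thread and not the upstream fix: a Python 3 version of the fill_pdf call quoted in the report that avoids the fixed /tmp/toto.fdf path by using a private temporary directory, exclusive file creation and an argv list instead of os.system. The names write_private, fill_pdf_private and inspect_run are hypothetical, and inspect_run is a constructed stand-in for pdftk so the block runs without it.

```python
import os
import stat
import subprocess
import tempfile


def write_private(path, data):
    """Create `path` ourselves or fail; never reuse or follow what is already there."""
    # O_EXCL with O_CREAT fails with EEXIST if the name exists, symlinks included.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def fill_pdf_private(infile, outfile, fdf_bytes, run=subprocess.check_call):
    """Same pdftk invocation as fill_pdf in the report, without the fixed /tmp path."""
    # TemporaryDirectory uses mkdtemp: unpredictable name, mode 0700, owned by us.
    with tempfile.TemporaryDirectory(prefix="pdf_ext-") as workdir:
        fdf_path = os.path.join(workdir, "form.fdf")
        write_private(fdf_path, fdf_bytes)
        # argv list, no shell: the file names reach pdftk as single arguments.
        argv = ["pdftk", infile, "fill_form", fdf_path, "output", outfile, "flatten"]
        run(argv)
    return argv  # the directory and the FDF file are gone by now


def inspect_run(argv):
    """Constructed stand-in for pdftk: reports what the real tool would be given."""
    fdf_path = argv[3]
    with open(fdf_path, "rb") as fh:
        content = fh.read()
    return {
        "dir_mode": stat.S_IMODE(os.stat(os.path.dirname(fdf_path)).st_mode),
        "file_mode": stat.S_IMODE(os.stat(fdf_path).st_mode),
        "content": content,
    }


if __name__ == "__main__":
    seen = []
    # Constructed sample input: file names and FDF bytes are placeholders.
    argv = fill_pdf_private("in.pdf", "out.pdf", b"%FDF-1.2\n",
                            run=lambda a: seen.append(inspect_run(a)))
    print(argv)
    print(seen[0])
```

Passing the default run (subprocess.check_call) executes the real pdftk with the same arguments the quoted fill_pdf builds.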

