Public bug reported:
if espeak is installed , some functions in the script
"speechd_config.py" can be used to execute Shell Commands.
------
Demo Example from the terminal type in :
theregrunner@mint17 : ~ $ python3
Python 3.4.0 (default, Apr 11 2014, 13:05:18)
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import speechd_config
>>> speechd_config.options.use_espeak_synthesis=True
>>> speechd_config.report('This executes xterm but should not ";xterm;#"' )
------
The problem is that the script uses os.system() commands when espeak is
installed
/usr/lib/python3/dist-packages/speechd_config/config.py
line 34 - 39 :
def report(msg):
"""Output information messages for the user on stdout
and if desired, by espeak synthesis"""
print(msg)
if options.use_espeak_synthesis:
os.system("espeak \"" + msg + "\"")
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: python3-speechd 0.8-5ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-37.64-generic 3.13.11.7
Uname: Linux 3.13.0-37-generic i686
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: i386
Date: Mon Jun 22 22:23:54 2015
InstallationDate: Installed on 2015-04-19 (64 days ago)
InstallationMedia: Linux Mint 17.1 "Rebecca" - Release i386 20150108
PackageArchitecture: all
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: speech-dispatcher
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: speech-dispatcher (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 rebecca
** Attachment added: "Exploid Screenshot"
https://bugs.launchpad.net/bugs/1467666/+attachment/4418906/+files/Screenshot.png
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to speech-dispatcher in Ubuntu.
https://bugs.launchpad.net/bugs/1467666
Title:
speechd_config executes Shell Commands
Status in speech-dispatcher package in Ubuntu:
New
Bug description:
if espeak is installed , some functions in the script
"speechd_config.py" can be used to execute Shell Commands.
------
Demo Example from the terminal type in :
theregrunner@mint17 : ~ $ python3
Python 3.4.0 (default, Apr 11 2014, 13:05:18)
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import speechd_config
>>> speechd_config.options.use_espeak_synthesis=True
>>> speechd_config.report('This executes xterm but should not ";xterm;#"' )
------
The problem is that the script uses os.system() commands when espeak
is installed
/usr/lib/python3/dist-packages/speechd_config/config.py
line 34 - 39 :
def report(msg):
"""Output information messages for the user on stdout
and if desired, by espeak synthesis"""
print(msg)
if options.use_espeak_synthesis:
os.system("espeak \"" + msg + "\"")
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: python3-speechd 0.8-5ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-37.64-generic 3.13.11.7
Uname: Linux 3.13.0-37-generic i686
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: i386
Date: Mon Jun 22 22:23:54 2015
InstallationDate: Installed on 2015-04-19 (64 days ago)
InstallationMedia: Linux Mint 17.1 "Rebecca" - Release i386 20150108
PackageArchitecture: all
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: speech-dispatcher
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/speech-dispatcher/+bug/1467666/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
