← Back to branch summary

~ubuntu-branches/ubuntu/wily/hplip/wily

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2013-6402.patch

  • Committer: Package Import Robot
  • Author(s): Mark Purcell, Till Kamppeter, Mark Purcell
  • Date: 2014-01-19 13:56:10 UTC
  • mfrom: (1.7.5)
  • Revision ID: package-import@ubuntu.com-20140119135610-7vvsrfbm2vfj0u1s
Tags: 3.14.1-1
http://bugs.debian.org/734140
* New upstream release 
  - CVE-2013-6427: hplip: insecure auto update feature
  - CVE-2013-6402: hplip: insecure temporary file handling in pkit.py

[ Till Kamppeter ]
* debian/control: Changed Depends/Recommends on foomatic-filters to
  "cups-filters (>= 1.0.42) | foomatic-filters" as foomatic-rip has
  moved to cups-filters from version 1.0.42 on (Closes: #734140).

[ Mark Purcell ]
* Ack NMU - thanks ~carnil
* Drop CVE-2013-6402.patch - addressed upstream

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/CVE-2013-6402.patch
1
 
Description: Fix insecure temporary files handling in pkit.py
2
 
Origin: vendor 
3
 
Bug-Debian: http://bugs.debian.org/725876
4
 
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1035243
5
 
Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=852368
6
 
Bug-Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=492712
7
 
Author: Moritz Muehlenhoff <jmm@debian.org> 
8
 
Last-Update: 2014-01-12
9
 
 
10
 
diff -aur hplip-3.12.6.orig/base/pkit.py hplip-3.12.6/base/pkit.py
11
 
--- hplip-3.12.6.orig/base/pkit.py      2012-06-18 12:44:13.000000000 +0200
12
 
+++ hplip-3.12.6/base/pkit.py   2013-12-10 13:04:22.916674893 +0100
13
 
@@ -29,6 +29,7 @@
14
 
 import ConfigParser
15
 
 import shutil
16
 
 import stat
17
 
+import tempfile
18
 
 
19
 
 # Local
20
 
 from base.logger import *
21
 
@@ -205,7 +206,7 @@
22
 
     class BackendService(PolicyKitService):
23
 
         INTERFACE_NAME = 'com.hp.hplip'
24
 
         SERVICE_NAME   = 'com.hp.hplip'
25
 
-        LOGFILE_NAME   = '/tmp/hp-pkservice.log'
26
 
+        LOGFILE_NAME   = tempfile.mktemp(prefix="hp-pkservice-", suffix=".log")
27
 
 
28
 
         def __init__(self, connection=None, path='/', logfile=LOGFILE_NAME):
29
 
             if connection is None: