[Debian-med-packaging] Bug#605159: gnumed-client: Use of PYTHONPATH env var in an insecure way
Mehdi Dogguy
mehdi at dogguy.org
Sun Dec 5 11:47:07 UTC 2010
On 11/30/2010 05:25 PM, Andreas (Debian) wrote:
> Hi,
>
> thanks to the support of upstream there is a new release which fixes the
> issue. However, the issue does not even really exist in *effective*
> upstream code - it is just contained in a *comment* which is simply
> activated in a patch in the Debian packaging. So I wonder what might
> be the best strategy to handle this.
>
> 1. Use upstream bugfix version which provides the proper PYTHONPATH
> setting in the comment which will be activated later plus a
> 7 line patch in some unrelated code which is unlikely to break
> something else.
> 2. Simply patch 0.7.9 to fix only the reported issue but leave a
> nasty bug in upstream.
>
> All other changes in the code are autogenerated documentation changes
> and thus excluded via "--exclude=*user-manual* --exclude=*api*" from the
> diff (also --exclude=Gnumed was used to hide duplication of diffs
> because directory Gnumed is a symlink to client).
>
> My preferred solution is to upload 0.7.10 to testing-proposed-updates
> (because there is just a version 0.8.4 in unstable).
>
Uploading 0.7.10 to t-p-u is fine. Could you please go ahead with the
upload?
Regards,
--
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/