[Debian-med-packaging] Bug#605159: gnumed-client: Use of PYTHONPATH env var in an insecure way
Andreas (Debian)
tille at debian.org
Tue Nov 30 16:25:00 UTC 2010
Hi,
thanks to the support of upstream there is a new release which fixes the
issue. However, the issue does not even really exist in *effective*
upstream code - it is just contained in a *comment* which is simply
activated in a patch in the Debian packaging. So I wonder what might
be the best strategy to handle this.
1. Use upstream bugfix version which provides the proper PYTHONPATH
setting in the comment which will be activated later plus a
7 line patch in some unrelated code which is unlikely to break
something else.
2. Simply patch 0.7.9 to fix only the reported issue but leave a
nasty bug in upstream.
All other changes in the code are autogenerated documentation changes
and thus excluded via "--exclude=*user-manual* --exclude=*api*" from the
diff (also --exclude=Gnumed was used to hide duplication of diffs
because directory Gnumed is a symlink to client).
My preferred solution is to upload 0.7.10 to testing-proposed-updates
(because there is just a version 0.8.4 in unstable).
Kind regards
Andreas.
--
http://fam-tille.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnumed-client_0.7.9-0.7.10.diff
Type: text/x-diff
Size: 2695 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-med-packaging/attachments/20101130/9368fcb9/attachment-0001.diff>