[Debian-med-packaging] Bug#605159: gnumed-client: Use of PYTHONPATH env var in an insecure way

Karsten Hilbert Karsten.Hilbert at gmx.net
Tue Nov 30 16:37:33 UTC 2010


On Tue, Nov 30, 2010 at 05:25:00PM +0100, Andreas (Debian) wrote:

> thanks to the support of upstream there is a new release which fixes the
> issue.  However, the issue does not even really exist in *effective*
> upstream code - it is just contained in a *comment* which is simlpy
> activated in a patch in the Debian packaging.  So I wonder what might
> be the best strategy to handle this.
> 
>   1. Use upstream bugfix version which provides the proper PYTHONPATH
>      setting in the comment which will be activated later plus a
>      7 line patch in some unrelated code which is unlikely to break
>      something else.

Just for the record: those 7 lines fix another bug which
resulted in a crash (Python exception) when doctors tried to
document hospital admissions of their patients. This bug fix
has long been in production outside of Debian (and inside
the version 0.8.4 from Debian/Unstable) so there's no
known technical risk associated with it:

> +FIX: exception on trying to create hospital stay w/o episode [thanks devm]

...

> +		if self._PRW_episode.GetValue().strip() == u'':
> +			self._PRW_episode.display_as_valid(False)
> +			wxps.Publisher().sendMessage (
> +				topic = 'statustext',
> +				data = {'msg': _('Must select an episode or enter a name for a new one. Cannot save hospital stay.'), 'beep': True}
> +			)
> +			return False

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346





More information about the Debian-med-packaging mailing list