[Python-modules-commits] r29696 - in packages/gamera/trunk/debian (3 files)
danstender-guest at users.alioth.debian.org
Tue Jul 8 23:33:39 UTC 2014
Date: Tuesday, July 8, 2014 @ 23:33:38
Author: danstender-guest
Revision: 29696
added avoid_mktemp.diff to fix CVE-2014-1937
Added:
packages/gamera/trunk/debian/patches/avoid_mktemp.diff
Modified:
packages/gamera/trunk/debian/changelog
packages/gamera/trunk/debian/patches/series
Modified: packages/gamera/trunk/debian/changelog
===================================================================
--- packages/gamera/trunk/debian/changelog 2014-07-08 23:12:27 UTC (rev 29695)
+++ packages/gamera/trunk/debian/changelog 2014-07-08 23:33:38 UTC (rev 29696)
@@ -4,6 +4,7 @@
* New upstream release (3.4.1, Closes: #747548).
* Removed setup-no-import.diff (setup.py now provides --nowx switch,
added that to deb/rules.)
+ * Added avoid_mktemp.diff to fix CVE-2014-1937 (Closes: #737324).
* Refreshed fix-typos.diff.
* deb/control:
+ Changed maintainer (Closes: #629177).
@@ -38,7 +39,7 @@
* Set PYTHONHASHSEED=random in debian/rules.
* Use canonical URIs for Vcs-* fields.
- -- Daniel Stender <debian at danielstender.com> Tue, 08 Jul 2014 16:47:46 +0200
+ -- Daniel Stender <debian at danielstender.com> Wed, 09 Jul 2014 01:18:34 +0200
gamera (3.3.3-2) unstable; urgency=low
Added: packages/gamera/trunk/debian/patches/avoid_mktemp.diff
===================================================================
--- packages/gamera/trunk/debian/patches/avoid_mktemp.diff (rev 0)
+++ packages/gamera/trunk/debian/patches/avoid_mktemp.diff 2014-07-08 23:33:38 UTC (rev 29696)
@@ -0,0 +1,16 @@
+Description: Fixed security hole because of usage of tmpfile.mktemp()
+Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737324
+Forwarded: no
+Author: Daniel Stender <debian at danielstender.com>
+Last-Update: 2014-07-09
+--- a/gamera/io.py
++++ b/gamera/io.py
+@@ -944,7 +944,7 @@ Returns: numpy array of specified type
+ raise ValueError, "type can be 'i', 'f' or 'd' in load()"
+
+ ## STRIP OUT % AND # LINES
+- tmpname = tempfile.mktemp()
++ tmpname = tempfile.NamedTemporaryFile(delete=False)
+ if sys.platform == 'win32':
+ # NT VERSION OF GREP DOESN'T DO THE STRIPPING ... SIGH
+ cmd = "grep.exe -v \'%\' "+fname+" > "+tmpname
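Review bot: On the added line `tmpname = tempfile.NamedTemporaryFile(delete=False)`, `tmpname` becomes a file object instead of a path string, so the unchanged context line that builds `cmd` with `" > "+tmpname` now concatenates a str with a file object and will raise TypeError. Suggest keeping the object under its own name and using its `.name` attribute for the path (or switching to `tempfile.mkstemp()` and using the returned path), and closing the handle before the shell redirect writes to the same file. With `delete=False` nothing in the visible lines removes the file afterwards, so the rest of the function should be checked for an unlink. The same context line also places `fname` into the shell command unquoted, which is worth addressing while this code is being touched. Minor: the Description header says `tmpfile.mktemp()` where the module is `tempfile`.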
Modified: packages/gamera/trunk/debian/patches/series
===================================================================
--- packages/gamera/trunk/debian/patches/series 2014-07-08 23:12:27 UTC (rev 29695)
+++ packages/gamera/trunk/debian/patches/series 2014-07-08 23:33:38 UTC (rev 29696)
@@ -7,3 +7,4 @@
nosetests.diff
trap-errors-from-pclose.diff
fix-typos.diff
+avoid_mktemp.diff