python-dbusmock 0.15.1
Milestone information
- Project:
- python-dbusmock
- Series:
- trunk
- Version:
- 0.15.1
- Released:
- Registrant:
- Martin Pitt
- Release registered:
- Active:
- Yes. Drivers can target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- No users assigned to blueprints and bugs.
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- No bugs are targeted to this milestone.
Download files for this release
Release notes
- SECURITY FIX: When loading a template from an arbitrary file through the
AddTemplate() D-Bus method call or DBusTestCase.
Python method, don't create or use Python's *.pyc cached files. By tricking
a user into loading a template from a world-writable directory like /tmp, an
attacker could run arbitrary code with the user's privileges by putting a
crafted .pyc file into that directory. Note that this is highly unlikely to
actually appear in practice as custom dbusmock templates are usually shipped
in project directories, not directly in world-writable directories.
Thanks to Simon McVittie for discovering this!
(LP: #1453815, CVE-2015-1326)
Changelog
This release does not have a changelog.
0 blueprints and 0 bugs targeted
There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.
