python-dbusmock 0.15.1-1 source package in Ubuntu
Changelog
python-dbusmock (0.15.1-1) unstable; urgency=medium
* New upstream release.
- SECURITY FIX: When loading a template from an arbitrary file through the
AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template()
Python method, don't create or use Python's *.pyc cached files. By
tricking a user into loading a template from a world-writable directory
like /tmp, an attacker could run arbitrary code with the user's
privileges by putting a crafted .pyc file into that directory.
Note that this is highly unlikely to actually appear in practice as custom
dbusmock templates are usually shipped in project directories, not
directly in world-writable directories.
(LP: #1453815, CVE-2015-1326)
-- Martin Pitt <email address hidden> Tue, 12 May 2015 12:49:53 +0200
Upload details
- Uploaded by:
- Debian Python Modules Team
- Uploaded to:
- Sid
- Original maintainer:
- Debian Python Modules Team
- Architectures:
- all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-dbusmock_0.15.1-1.dsc | 2.3 KiB | 3a18a3e6ef7ad16daad139aa45f850bd0cd8ca0455088bbf6979af6d01dc2905 |
| python-dbusmock_0.15.1.orig.tar.gz | 65.7 KiB | ca084ea55c2d1c7991c8eb73c7b578cc27b665ab3e5af2ddfc2daa2d1edacc14 |
| python-dbusmock_0.15.1-1.debian.tar.xz | 3.9 KiB | 6d66eefc7b49c6452dab3be0368a803c721ae53c933c87e48db6decbd040147b |
Available diffs
- diff from 0.15-1 to 0.15.1-1 (1.9 KiB)
No changes file available.
Binary packages built by this source
- python-dbusmock: No summary available for python-dbusmock in ubuntu wily.
No description available for python-dbusmock in ubuntu wily.
- python3-dbusmock: No summary available for python3-dbusmock in ubuntu wily.
No description available for python3-dbusmock in ubuntu wily.
