Bug#980451: marked as done (Execution of commands from the configuration file through backtick syntax)

Debian Bug Tracking System Wed, 20 Jan 2021 05:36:15 -0800

Your message dated Wed, 20 Jan 2021 13:33:45 +0000
with message-id <[email protected]>
and subject line Bug#980451: fixed in sympa 6.2.60~dfsg-2
has caused the Debian Bug report #980451,
regarding Execution of commands from the configuration file through backtick 
syntax
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
980451: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980451
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

package: sympa
severity: important
tags: security, patch

Upstream bug report: https://github.com/sympa-community/sympa/issues/1086

Regards
        Racke

-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

diff --git a/src/lib/Conf.pm b/src/lib/Conf.pm
index ce5ce13d0..e8f99cc3a 100644
--- a/src/lib/Conf.pm
+++ b/src/lib/Conf.pm
@@ -1728,12 +1728,6 @@ sub _load_config_file_to_hash {
             my ($keyword, $value) = ($1, $2);
             $value =~ s/\s*$//;
 
-            # Special case: `command`
-            if ($value =~ /^\`(.*)\`$/) {
-                $value = qx/$1/;
-                chomp($value);
-            }
-
             $keyword =
                 $Sympa::Config::Schema::obsolete_robot_params{$keyword}
                 // $keyword;

OpenPGP_signature
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

Source: sympa
Source-Version: 6.2.60~dfsg-2
Done: Stefan Hornburg (Racke) <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sympa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Hornburg (Racke) <[email protected]> (supplier of updated sympa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 20 Jan 2021 13:21:19 +0100
Source: sympa
Architecture: source
Version: 6.2.60~dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Sympa team <[email protected]>
Changed-By: Stefan Hornburg (Racke) <[email protected]>
Closes: 980451
Changes:
 sympa (6.2.60~dfsg-2) unstable; urgency=medium
 .
   * Prevent execution of commands from the configuration file
     through backtick syntax (Closes: #980451).
   * Remove --upgrade_config_location call.
   * Remove symlink to NEWS.md.gz in order to fix lintian warning
     "debian-changelog-file-is-a-symlink".
   *  Remove lintian override for /usr/bin/head.
Checksums-Sha1:
 0001ebc08081403b1caa64d1f6a995287fbc7c37 2517 sympa_6.2.60~dfsg-2.dsc
 ac43d8db3d7d5d7b95d4d37001667683b53aedff 166548 
sympa_6.2.60~dfsg-2.debian.tar.xz
 14fa70b261d1e1696c988d4b7cc30453bc8b8d18 14930 
sympa_6.2.60~dfsg-2_amd64.buildinfo
Checksums-Sha256:
 86dc7c31e461806d4283d0f8c9f4d7c27832ccb47dd416e0e546b0f907b98838 2517 
sympa_6.2.60~dfsg-2.dsc
 375f90334d881f60e6ebdc9a01bcfbe8f336d09360ccbc4a1b5636180787e6db 166548 
sympa_6.2.60~dfsg-2.debian.tar.xz
 8f9fa10fbf40d8a19555d26cbc362988286214649dbeecb311a30f508f0b305a 14930 
sympa_6.2.60~dfsg-2_amd64.buildinfo
Files:
 e0bf9de1f601d473e5de979d20157c64 2517 mail optional sympa_6.2.60~dfsg-2.dsc
 91ef7d31b102d9f26d4c22dbe2f667f6 166548 mail optional 
sympa_6.2.60~dfsg-2.debian.tar.xz
 41c79cd18df7704d72e59204f5fd8ac4 14930 mail optional 
sympa_6.2.60~dfsg-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCAAvFiEE1oFJdaJ3d0yY0N/vW5MBW/onIPgFAmAILioRHHJhY2tlQGxp
bnV4aWEuZGUACgkQW5MBW/onIPgzSxAAm9N/REkiFbEDTRxK4b589O0eeaH+jUyq
pMRHxRbHQGjr5vpg2ActrgS4KpXgPRpmHFO686QvtckEuTjDIpiLLzpzjXSyPUFu
cmZY4asok43cMx14MtuKXl8bSdbS+WogoUSX+kFhoIY88R4M7lT140obU0nbR7H5
7YLqarvGqHQIxpblDrvucTt07o/lNKoZixrdstxw6OmEDitMlrEicf3657NkzOSz
GlY4/aXMHIRa09d4RMkv/9zj5ITWESL/ddVBYv5HUrEUnAsQuVuvBbiqgx6Gd3oG
qClHMu29qXRLX8x3UuNEUiOKxMdByp2K8gD5CZtVOxPSSgJmRWdeSYujIcivZwsK
KS0sKCNSCSoDito06OyXkJ2DzeWl1XuTDPj6R9S+bJsLv4lojzEbClM2NR1Cvz4R
HuVPjHlFzO+qcWyaqqYnP+Mz1Qf/pabBEyccLjrMhKikjDRsxeZ1RtUj70d3uYhd
gkC3leqG0D2JDuN+ZElv8jZfPPUN5ksapL1WOMakEzCw48tYpHcv4Yo0nCdKcXHP
0M9qBpGdq9dv7F9to8WnCsTGh1IQlmAeAueSfygL47X91S81gIQPyducgJ6ISl7P
7TpGkcw2C8pq6F6xzKFMo4Pf8+JI+xRS1RArnvC9KE8eO+8acXPGYGg24LxfkDsp
JC64DQlLVv4=
=3/Kk
-----END PGP SIGNATURE-----

--- End Message ---

Bug#980451: marked as done (Execution of commands from the configuration file through backtick syntax)

Reply via email to