[Bug 1197639] Re: Improper sanitization of terminal emulator escape sequences when displaying build log and build status
Debdiff looks good. ACK. Uploading now, will be release once it finishes building. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1197639 Title: Improper sanitization of terminal emulator escape sequences when displaying build log and build status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/osc/+bug/1197639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1197639] Re: Improper sanitization of terminal emulator escape sequences when displaying build log and build status
This bug was fixed in the package osc - 0.132.6-1ubuntu0.1 --- osc (0.132.6-1ubuntu0.1) precise-security; urgency=low * SECURITY UPDATE: Improper sanitization of terminal emulator escape sequences when displaying build log and build status (LP: #1197639) - debian/patches/CVE-2012-1095.patch: osc/core.py(print_buildlog): strip terminal control chars, except new lines from build logs. Based on upstream patch. - CVE-2012-1095 -- Christian Kuersteiner ckuer...@gmx.ch Tue, 16 Jul 2013 11:44:28 +0700 ** Changed in: osc (Ubuntu) Status: Incomplete = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1197639 Title: Improper sanitization of terminal emulator escape sequences when displaying build log and build status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/osc/+bug/1197639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1197639] Re: Improper sanitization of terminal emulator escape sequences when displaying build log and build status
Precise debdiff. Tested install/upgrade on clean system. Tested with the testsuite from osc (tests/suite.py). Got some errors in TestCommit. Not sure if it might be a configuration thing. I got the same kind of errors for the patched and unpatched version. ** Patch added: lp1197639-precise.debdiff https://bugs.launchpad.net/ubuntu/+source/osc/+bug/1197639/+attachment/3738442/+files/lp1197639-precise.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1197639 Title: Improper sanitization of terminal emulator escape sequences when displaying build log and build status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/osc/+bug/1197639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1197639] Re: Improper sanitization of terminal emulator escape sequences when displaying build log and build status
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: osc (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1197639 Title: Improper sanitization of terminal emulator escape sequences when displaying build log and build status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/osc/+bug/1197639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs