Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-12-02 Thread Christine Spang
On Thu, Dec 02, 2010 at 02:52:26PM +1000, Peter Williams wrote:
A heads up. I'm currently working on a major upgrade to gquilt. Do you need me to tell me when I do the release?
That would be great! Generally I get somehow notified by Debian's upstream-watching scripts, but an extra reminder

Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-12-01 Thread Christine Spang
Hi all, Since we are currently in deep freeze for Squeeze, I'm very hesitant to ask the release managers to make an exception for a new release. (I wish I'd known that the new release fixed important bugs! I glanced at the changelog but it seemed like it was all trivial or irrelevant-for-Debian

Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-12-01 Thread Peter Williams
On 02/12/10 13:22, Christine Spang wrote: Hi all, Since we are currently in deep freeze for Squeeze, I'm very hesitant to ask the release managers to make an exception for a new release. (I wish I'd known that the new release fixed important bugs! I glanced at the changelog but it seemed like

Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-12-01 Thread Sandro Tosi
Hi Christine,
On Thu, Dec 2, 2010 at 04:22, Christine Spang sp...@mit.edu wrote:
It looks like gquilt doesn't actually require PYTHONPATH to be set, anyway, since python already adds the directory of the executed script to sys.path. I propose the following patch:
That patch seems ok.

Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-11-28 Thread Sandro Tosi
found 605155 0.20-2 0.22-1
tags 605155 fixed-upstream
thanks
Hi Peter
On Sun, Nov 28, 2010 at 01:11, Peter Williams pwil3...@bigpond.net.au wrote:
Please update to gquilt-0.24 (released about 7 weeks ago) as the above problem is no longer present in the code.
Thanks for letting us know!

Processed (with 1 errors): Re: Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-11-28 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:
found 605155 0.20-2 0.22-1
Unknown command or malformed arguments to command.
tags 605155 fixed-upstream
Bug #605155 [gquilt] gquilt: Use of PYTHONPATH env var in an insecure way
Bug #605152 [gquilt] gquilt: Use of PYTHONPATH env var in an

Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-11-27 Thread Sandro Tosi
Package: gquilt
Version: 0.22-1
Severity: grave
Tags: security
User: debian-pyt...@lists.debian.org
Usertags: pythonpath
Jakub Wilk performed an analysis[1] for packages setting PYTHONPATH in an insecure way. Those packages do something like:
    PYTHONPATH=/spam/eggs:$PYTHONPATH
This is wrong,

Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-11-27 Thread Peter Williams
On 28/11/10 08:38, Sandro Tosi wrote:
Package: gquilt
Version: 0.22-1
Severity: grave
Tags: security
User: debian-pyt...@lists.debian.org
Usertags: pythonpath
Jakub Wilk performed an analysis[1] for packages setting PYTHONPATH in an insecure way. Those packages do something like: