This is an automated email from the git hooks/post-receive script. czchen pushed a commit to branch master in repository shutter.
commit 15640fe3587e419691c3cd3a93e563eeb3fbcc61 Author: Andrew Starr-Bochicchio <a.star...@gmail.com> Date: Thu Nov 5 21:46:52 2015 -0500 Fix insecure use of system() (Closes: #798862, LP: #1495163). --- debian/changelog | 1 + debian/patches/insecure_use_of_system.patch | 19 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 21 insertions(+) diff --git a/debian/changelog b/debian/changelog index 40fa263..cb917f8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ shutter (0.93.1-1) UNRELEASED; urgency=medium * New upstream release. + * Fix insecure use of system() (Closes: #798862, LP: #1495163). -- Andrew Starr-Bochicchio <a...@debian.org> Thu, 05 Nov 2015 20:24:06 -0500 diff --git a/debian/patches/insecure_use_of_system.patch b/debian/patches/insecure_use_of_system.patch new file mode 100644 index 0000000..e71a44f --- /dev/null +++ b/debian/patches/insecure_use_of_system.patch @@ -0,0 +1,19 @@ +Description: Fix insecure use of system() +Author: Luke Faraone <lfara...@debian.org> +Bug: https://bugs.launchpad.net/shutter/+bug/1495163 +Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798862 + +Index: shutter/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm +=================================================================== +--- shutter.orig/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm 2015-11-05 21:34:34.222313258 -0500 ++++ shutter/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm 2015-11-05 21:35:37.299461116 -0500 +@@ -53,7 +53,8 @@ + + sub xdg_open { + my ( $self, $dialog, $link, $user_data ) = @_; +- system("xdg-open $link"); ++ my @args = ("xdg-open", $link); ++ system(@args); + if($?){ + my $response = $self->{_dialogs}->dlg_error_message( + sprintf( $self->{_d}->get("Error while executing %s."), "'xdg-open'"), diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..3c3a073 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +insecure_use_of_system.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/shutter.git _______________________________________________ Pkg-perl-cvs-commits mailing list Pkg-perl-cvs-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits