[shutter] 61/73: Fix insecure use of system() (Closes: #798862, LP: #1495163).

Wed, 01 Mar 2017 17:31:46 -0800 

This is an automated email from the git hooks/post-receive script.

czchen pushed a commit to branch master
in repository shutter.

commit 15640fe3587e419691c3cd3a93e563eeb3fbcc61
Author: Andrew Starr-Bochicchio <a.star...@gmail.com>
Date:   Thu Nov 5 21:46:52 2015 -0500

    Fix insecure use of system() (Closes: #798862, LP: #1495163).
---
 debian/changelog                            |  1 +
 debian/patches/insecure_use_of_system.patch | 19 +++++++++++++++++++
 debian/patches/series                       |  1 +
 3 files changed, 21 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 40fa263..cb917f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 shutter (0.93.1-1) UNRELEASED; urgency=medium
 
   * New upstream release.
+  * Fix insecure use of system() (Closes: #798862, LP: #1495163).
 
  -- Andrew Starr-Bochicchio <a...@debian.org>  Thu, 05 Nov 2015 20:24:06 -0500
 
diff --git a/debian/patches/insecure_use_of_system.patch 
b/debian/patches/insecure_use_of_system.patch
new file mode 100644
index 0000000..e71a44f
--- /dev/null
+++ b/debian/patches/insecure_use_of_system.patch
@@ -0,0 +1,19 @@
+Description: Fix insecure use of system()
+Author: Luke Faraone <lfara...@debian.org>
+Bug: https://bugs.launchpad.net/shutter/+bug/1495163
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798862
+
+Index: shutter/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm
+===================================================================
+--- 
shutter.orig/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm     
   2015-11-05 21:34:34.222313258 -0500
++++ shutter/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm     
2015-11-05 21:35:37.299461116 -0500
+@@ -53,7 +53,8 @@
+ 
+ sub xdg_open {
+       my ( $self, $dialog, $link, $user_data ) = @_;
+-      system("xdg-open $link");
++      my @args = ("xdg-open", $link);
++      system(@args);
+       if($?){
+               my $response = $self->{_dialogs}->dlg_error_message( 
+                       sprintf( $self->{_d}->get("Error while executing %s."), 
"'xdg-open'"),
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..3c3a073
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+insecure_use_of_system.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-perl/packages/shutter.git

_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits

Reply via email to