[Bug 933225] Re: DistUpgradeViewKDE broken since last security update

Marc Deslauriers marc.deslauriers at canonical.com
Thu Feb 16 20:24:45 UTC 2012


** Description changed:

-         copyXauth = tempfile.mkstemp("", "adept")
-         if 'XAUTHORITY' in os.environ and os.environ['XAUTHORITY'] != copyXauth:
-             shutil.copy(os.environ['XAUTHORITY'], copyXauth)
-             os.environ["XAUTHORITY"] = copyXauth
+ copyXauth = tempfile.mkstemp("", "adept")
+         if 'XAUTHORITY' in os.environ and os.environ['XAUTHORITY'] != copyXauth:
+             shutil.copy(os.environ['XAUTHORITY'], copyXauth)
+             os.environ["XAUTHORITY"] = copyXauth
  
  <apachelogger> can't load DistUpgradeViewKDE (coercing to Unicode: need string or buffer, tuple found)
  <apachelogger> bug 881541
  <ubottu> Launchpad bug 881541 in update-manager (Ubuntu) "DistUpgrade/DistUpgradeViewKDE.py uses mktemp -- which is insecure" [Medium,Fix released] https://launchpad.net/bugs/881541
  <apachelogger> http://docs.python.org/library/tempfile.html
  <apachelogger> mkstemp() returns a tuple containing an OS-level handle to an open file (as would be returned by os.open()) and the absolute pathname of that file, in that order.
  <apachelogger>             shutil.copy(os.environ['XAUTHORITY'], copyXauth)
  <apachelogger> I am the touple in your string <3
  
- 	    print os.environ['XAUTHORITY'] => /tmp/kde-me/xauth-1000-_0
- 	    print copyXauth => (13, '/tmp/adeptTXo9jf')
+      print os.environ['XAUTHORITY'] => /tmp/kde-me/xauth-1000-_0
+      print copyXauth => (13, '/tmp/adeptTXo9jf')
  
  Also: http://docs.python.org/library/shutil.html
  shutil.copy(src, dst)
  Copy the file src to the file or directory dst. If dst is a directory, a file with the same basename as src is created (or overwritten) in the directory specified. Permission bits are copied. src and dst are path names given as strings.
- 
- Thank you for not reading documentation, no testing and getting me to
- waste time on this!
- 
- I really heart this.... <3 broken software... see.
- 
- "The guy who broke my upgrader now has to fix it and send me cookies" ~
- Oscar Wild
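
Review bot: The re-added snippet at the top of the description still shows only the failing code and never states the expected fix, and its first line (`copyXauth = tempfile.mkstemp("", "adept")`) has lost the indentation that the three lines after it keep, so it no longer reads as one block. The quoted documentation says mkstemp() returns a tuple of an OS-level handle and the pathname, and the printed value `(13, '/tmp/adeptTXo9jf')` confirms it, so the description could say that the return value must be unpacked, for example `fd, copyXauth = tempfile.mkstemp("", "adept")` followed by `os.close(fd)`, so that shutil.copy() receives a string path as dst. It would also help to mention that the `os.environ['XAUTHORITY'] != copyXauth` check is always true while copyXauth is a tuple, so the copy is attempted on every run where XAUTHORITY is set.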

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/933225

Title:
  DistUpgradeViewKDE broken since last security update