[Bug 933225] Re: DistUpgradeViewKDE broken since last security update
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Feb 16 20:24:45 UTC 2012
** Description changed:
- copyXauth = tempfile.mkstemp("", "adept")
- if 'XAUTHORITY' in os.environ and os.environ['XAUTHORITY'] != copyXauth:
- shutil.copy(os.environ['XAUTHORITY'], copyXauth)
- os.environ["XAUTHORITY"] = copyXauth
+ copyXauth = tempfile.mkstemp("", "adept")
+ if 'XAUTHORITY' in os.environ and os.environ['XAUTHORITY'] != copyXauth:
+ shutil.copy(os.environ['XAUTHORITY'], copyXauth)
+ os.environ["XAUTHORITY"] = copyXauth
<apachelogger> can't load DistUpgradeViewKDE (coercing to Unicode: need string or buffer, tuple found)
<apachelogger> bug 881541
<ubottu> Launchpad bug 881541 in update-manager (Ubuntu) "DistUpgrade/DistUpgradeViewKDE.py uses mktemp -- which is insecure" [Medium,Fix released] https://launchpad.net/bugs/881541
<apachelogger> http://docs.python.org/library/tempfile.html
<apachelogger> mkstemp() returns a tuple containing an OS-level handle to an open file (as would be returned by os.open()) and the absolute pathname of that file, in that order.
<apachelogger> shutil.copy(os.environ['XAUTHORITY'], copyXauth)
<apachelogger> I am the touple in your string <3
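Review bot: The first line of the snippet, `copyXauth = tempfile.mkstemp("", "adept")`, binds the whole return value of mkstemp() to copyXauth, and the documentation quoted above says that value is a tuple of an OS-level handle and the pathname. As a result `shutil.copy(os.environ['XAUTHORITY'], copyXauth)` and `os.environ["XAUTHORITY"] = copyXauth` both receive a tuple where a path string is required, which matches the "coercing to Unicode" error. Unpack the result, for example `fd, copyXauth = tempfile.mkstemp("", "adept")`, and close or reuse the handle. The `!=` comparison against the tuple is also always true as written, so it no longer guards anything.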
- print os.environ['XAUTHORITY'] => /tmp/kde-me/xauth-1000-_0
- print copyXauth => (13, '/tmp/adeptTXo9jf')
+ print os.environ['XAUTHORITY'] => /tmp/kde-me/xauth-1000-_0
+ print copyXauth => (13, '/tmp/adeptTXo9jf')
Also: http://docs.python.org/library/shutil.html
shutil.copy(src, dst)
Copy the file src to the file or directory dst. If dst is a directory, a file with the same basename as src is created (or overwritten) in the directory specified. Permission bits are copied. src and dst are path names given as strings.
-
- Thank you for not reading documentation, no testing and getting me to
- waste time on this!
-
- I really heart this.... <3 broken software... see.
-
- "The guy who broke my upgrader now has to fix it and send me cookies" ~
- Oscar Wild
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/933225
Title:
DistUpgradeViewKDE broken since last security update
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/933225/+subscriptions
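
The mkstemp() behaviour discussed in this report, as an added example that is not update-manager's own code: it contrasts the tuple-as-path pattern from the description with a version that unpacks the result and writes through the returned descriptor. The function names `copy_xauthority` and `broken_copy` are hypothetical, and the example is written for Python 3 rather than the Python 2 of the original snippet.

```python
import os
import shutil
import tempfile


def copy_xauthority(environ, prefix="adept"):
    """Copy the file named by environ['XAUTHORITY'] into a private temp file
    and point environ at the copy. Returns the new path, or None if unset."""
    src = environ.get("XAUTHORITY")
    if not src:
        return None
    # mkstemp() returns (fd, path). The file is created atomically with
    # O_EXCL and mode 0600, which is why it replaced the racy mktemp().
    fd, dst = tempfile.mkstemp(prefix=prefix)
    try:
        # Write through the descriptor we already hold instead of reopening
        # the path, so the cookie only lands in the file we just created.
        with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
            out.write(inp.read())
    except Exception:
        os.unlink(dst)
        raise
    environ["XAUTHORITY"] = dst
    return dst


def broken_copy(environ):
    """The pattern from the bug description: the tuple is used as a path."""
    copy_xauth = tempfile.mkstemp("", "adept")  # (fd, path), not a string
    try:
        shutil.copy(environ["XAUTHORITY"], copy_xauth)  # raises TypeError
    finally:
        os.close(copy_xauth[0])
        os.unlink(copy_xauth[1])
```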