UbuntuUpdates.org

Package "python-dbusmock"

Name: python-dbusmock

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • mock D-Bus objects for tests (Python 3)
Latest version: 0.10.1-1ubuntu1
Release: trusty (14.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "python-dbusmock" in Trusty

Repository Area Version
base universe 0.10.1-1
security universe 0.10.1-1ubuntu1
updates main 0.10.1-1ubuntu1
updates universe 0.10.1-1ubuntu1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.10.1-1ubuntu1 2015-05-22 02:44:23 UTC

  python-dbusmock (0.10.1-1ubuntu1) trusty-security; urgency=medium

  * SECURITY FIX: When loading a template from an arbitrary file through the
    AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template()
    Python method, don't create or use Python's *.pyc cached files. By
    tricking a user into loading a template from a world-writable directory
    like /tmp, an attacker could run arbitrary code with the user's
    privileges by putting a crafted .pyc file into that directory.

    Note that this is highly unlikely to actually appear in practice as custom
    dbusmock templates are usually shipped in project directories, not
    directly in world-writable directories.
    (LP: #1453815, CVE-2015-1326)

 -- Martin Pitt <email address hidden> Tue, 12 May 2015 13:26:28 +0200
1453815 arbitrary code execution or file overwrite when templates are loaded from /tmp
CVE-2015-1326 arbitrary code execution or file overwrite when templates are loaded from /tmp


About   -   Send Feedback to @ubuntu_updates