Bastian Blank
2007-Oct-04 06:58 UTC
[Pkg-xen-changes] r461 - in branches/etch/xen-3.0/debian: . patches
Author: waldi
Date: Thu Oct 4 06:58:18 2007
New Revision: 461
Log:
* debian/changelog: Update.
* debian/patches/00list: Update.
* debian/patches/CVE-2007-4993.dpatch: Add.
Added:
branches/etch/xen-3.0/debian/patches/CVE-2007-4993.dpatch (contents, props
changed)
Modified:
branches/etch/xen-3.0/debian/changelog
branches/etch/xen-3.0/debian/patches/00list
Modified: branches/etch/xen-3.0/debian/changelog
=============================================================================---
branches/etch/xen-3.0/debian/changelog (original)
+++ branches/etch/xen-3.0/debian/changelog Thu Oct 4 06:58:18 2007
@@ -1,8 +1,10 @@
xen-3.0 (3.0.3-0-3) UNRELEASED; urgency=low
* Use linux-support-2.6.18-5.
+ * Don''t use exec with untrusted values in pygrub. (closes: #444430)
+ See CVE-2007-4993.
- -- Bastian Blank <waldi at debian.org> Thu, 04 Oct 2007 08:52:53 +0200
+ -- Bastian Blank <waldi at debian.org> Thu, 04 Oct 2007 08:56:22 +0200
xen-3.0 (3.0.3-0-2) unstable; urgency=medium
Modified: branches/etch/xen-3.0/debian/patches/00list
=============================================================================---
branches/etch/xen-3.0/debian/patches/00list (original)
+++ branches/etch/xen-3.0/debian/patches/00list Thu Oct 4 06:58:18 2007
@@ -8,3 +8,4 @@
blktap-disable
path-relative
not-reinvent-udev
+CVE-2007-4993
Added: branches/etch/xen-3.0/debian/patches/CVE-2007-4993.dpatch
=============================================================================---
(empty file)
+++ branches/etch/xen-3.0/debian/patches/CVE-2007-4993.dpatch Thu Oct 4
06:58:18 2007
@@ -0,0 +1,69 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+ at DPATCH@
+diff -r 55c45361bbe3 -r 70bb28b62ffb tools/pygrub/src/GrubConf.py
+--- a/tools/pygrub/src/GrubConf.py Tue Sep 25 09:30:00 2007 +0100
++++ b/tools/pygrub/src/GrubConf.py Tue Sep 25 09:34:36 2007 +0100
+@@ -101,7 +101,7 @@ class GrubImage(object):
+
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com],
arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored image directive %s" %(com,))
+ else:
+@@ -142,11 +142,11 @@ class GrubImage(object):
+ initrd = property(get_initrd, set_initrd)
+
+ # set up command handlers
+- commands = { "title": "self.title",
+- "root": "self.root",
+- "rootnoverify": "self.root",
+- "kernel": "self.kernel",
+- "initrd": "self.initrd",
++ commands = { "title": "title",
++ "root": "root",
++ "rootnoverify": "root",
++ "kernel": "kernel",
++ "initrd": "initrd",
+ "chainloader": None,
+ "module": None}
+
+@@ -195,7 +195,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(l, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\""
%(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -208,7 +208,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(line, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com],
arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -236,12 +236,12 @@ class GrubConfigFile(object):
+ splash = property(get_splash, set_splash)
+
+ # set up command handlers
+- commands = { "default": "self.default",
+- "timeout": "self.timeout",
+- "fallback": "self.fallback",
+- "hiddenmenu": "self.hiddenmenu",
+- "splashimage": "self.splash",
+- "password": "self.password" }
++ commands = { "default": "default",
++ "timeout": "timeout",
++ "fallback": "fallback",
++ "hiddenmenu": "hiddenmenu",
++ "splashimage": "splash",
++ "password": "password" }
+ for c in ("bootp", "color", "device",
"dhcp", "hide", "ifconfig",
+ "pager", "partnew", "parttype",
"rarp", "serial",
+ "setkey", "terminal", "terminfo",
"tftpserver", "unhide"):