Re: Recommending get-orig-source for packages ?

To: debian-python@lists.debian.org
Subject: Re: Recommending get-orig-source for packages ?
From: Andreas Tille <andreas@an3as.eu>
Date: Wed, 4 Dec 2013 13:48:31 +0100
Message-id: <[🔎] 20131204124831.GE22478@an3as.eu>
In-reply-to: <[🔎] 20131204103001.GA6986@jwilk.net>
References: <[🔎] 87d2leos95.fsf@inf-8660.int-evry.fr> <[🔎] CAKTje6EmU_h+MoZqO880+KTxEmbFUorcEiSyW6u0NOgojRkysg@mail.gmail.com> <[🔎] l7m4em$t54$1@ger.gmane.org> <[🔎] CAKTje6HcFkma6+YgyHpUGe_bTo_3PfTRD_dxBEj1EQAWn-U3xg@mail.gmail.com> <[🔎] 20131204074354.GE19682@an3as.eu> <[🔎] 20131204081249.GA9933@jwilk.net> <[🔎] 20131204094106.GC22478@an3as.eu> <[🔎] 20131204103001.GA6986@jwilk.net>

On Wed, Dec 04, 2013 at 11:30:01AM +0100, Jakub Wilk wrote:
> 
> AFAICS they way get_main_source_dir() is currently implemented lets
> malicious upstream to plant files in their tarball that would cause
> arbitrary code execution...

Would you mind proposing a proper fix and forward it to the according
bug report to let other people tha readers of debian-python know.

Kind regards and thanks for any helpful hint

        Andreas.

-- 
http://fam-tille.de

Reply to:

References:
- Recommending get-orig-source for packages ?
  - From: Olivier Berger <olivier.berger@telecom-sudparis.eu>
- Re: Recommending get-orig-source for packages ?
  - From: Paul Wise <pabs@debian.org>
- Re: Recommending get-orig-source for packages ?
  - From: Stuart Prescott <stuart@debian.org>
- Re: Recommending get-orig-source for packages ?
  - From: Paul Wise <pabs@debian.org>
- Re: Recommending get-orig-source for packages ?
  - From: Andreas Tille <andreas@an3as.eu>
- Re: Recommending get-orig-source for packages ?
  - From: Jakub Wilk <jwilk@debian.org>
- Re: Recommending get-orig-source for packages ?
  - From: Andreas Tille <andreas@an3as.eu>
- Re: Recommending get-orig-source for packages ?
  - From: Jakub Wilk <jwilk@debian.org>

Prev by Date: Re: Recommending get-orig-source for packages ?
Next by Date: Re: Recommending get-orig-source for packages ?
Previous by thread: Re: Recommending get-orig-source for packages ?
Next by thread: Re: Recommending get-orig-source for packages ?
Index(es):
- Date
- Thread