Bug#129104: cgiemail: buffer overflow and script reading vulnerabilities
On Mon, Apr 08, 2002 at 11:00:06PM -0500, Thomas Smith wrote:
> On Mon, Apr 08, 2002 at 02:50:18PM -0500, Colin Watson wrote:
> > Better fixes are available, though. I'd forgotten that the last
> > message in this bug left it up to me to test them ... I'll have a look
> > today or tomorrow and see if we can get this sorted.
>
> There is a new version to test, just in case you have already downloaded
> it.
>
> As before, it is at <http://finbar.dyndns.org/~tgs/deb/>. The version
> to test is 1.6-14.
OK, some things:
--- 8/debian/config Thu Jan 1 01:00:00 1970
+++ 14/debian/config Tue Apr 9 22:20:53 2002
@@ -0,0 +1,28 @@
+#!/bin/bash
+CONFIG="/etc/cgiemail.conf"
+set -e
+# use debconf
+. /usr/share/debconf/confmodule
+
+# get configuration value
+if [ -f $CONFIG ];
+then
+ . $CONFIG || true;
+ db_set cgiemail/template_dir $templatedir
$templatedir should be "$templatedir" here, for safety.
+fi
+
+
+if dpkg --compare-versions $2 lt-nl 1.6-13;
$2 has to be "$2" here (more than safety - the second argument is
sometimes empty).
+then
+ # if upgrading from an older version
+ db_input critical cgiemail/template_dir || true;
+else
+ # if installing new or upgrading from recent.
+ db_input normal cgiemail/template_dir || true;
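Review bot: at `. $CONFIG || true` followed by `db_set cgiemail/template_dir $templatedir`, the db_set still runs when sourcing fails or when /etc/cgiemail.conf does not assign templatedir, so it is called with no value and the stored answer is replaced by an empty one before db_input asks the question. Wrap the db_set in a `[ -n "$templatedir" ]` test so an existing answer is only overwritten by a real setting. Separately, sourcing the file runs whatever shell it contains inside the config script and lets it overwrite the script's own variables (CONFIG included); reading only the templatedir assignment out of the file would avoid both.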
'normal' doesn't exist as a priority - should probably be 'medium'.
With that, dpkg-reconfigure works. Looks good.
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]