Ubuntu
speech-dispatcher package

speechd_config executes Shell Commands

Bug #1467666 reported by Bernd Dietzel on 2015-06-22

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	speech-dispatcher (Ubuntu)	Triaged	Undecided	Luke Yelavich

Bug Description

if espeak is installed , some functions in the script "speechd_config.py" can be used to execute Shell Commands.

------

Demo Example from the terminal type in :

theregrunner@mint17 : ~ $ python3
Python 3.4.0 (default, Apr 11 2014, 13:05:18)
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import speechd_config
>>> speechd_config.options.use_espeak_synthesis=True
>>> speechd_config.report('This executes xterm but should not ";xterm;#"' )

------

The problem is that the script uses os.system() commands when espeak is installed

/usr/lib/python3/dist-packages/speechd_config/config.py

line 34 - 39 :

def report(msg):
    """Output information messages for the user on stdout
    and if desired, by espeak synthesis"""
    print(msg)
    if options.use_espeak_synthesis:
        os.system("espeak \"" + msg + "\"")

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: python3-speechd 0.8-5ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-37.64-generic 3.13.11.7
Uname: Linux 3.13.0-37-generic i686
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: i386
Date: Mon Jun 22 22:23:54 2015
InstallationDate: Installed on 2015-04-19 (64 days ago)
InstallationMedia: Linux Mint 17.1 "Rebecca" - Release i386 20150108
PackageArchitecture: all
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: speech-dispatcher
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

Bernd Dietzel (l-ubuntuone1104) wrote on 2015-06-22:

Exploid Screenshot Edit (96.0 KiB, image/png)
Dependencies.txt Edit (1.3 KiB, text/plain; charset="utf-8")

Bernd Dietzel (l-ubuntuone1104) on 2015-06-30

information type:

Public → Public Security

Luke Yelavich (themuso) on 2015-06-30

Changed in speech-dispatcher (Ubuntu):
assignee:	nobody → Luke Yelavich (themuso)
status:	New → Triaged

Revision history for this message

Bernd Dietzel (l-ubuntuone1104) wrote on 2015-10-25:

Patch for /usr/lib/python3/dist-packages/speechd_config/config.py Edit (308 bytes, text/plain)

Patch

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2015-10-25:

The attachment "Patch for /usr/lib/python3/dist-packages/speechd_config/config.py" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags:

added: patch