diff -u enemies-of-carlotta-1.2.1/debian/changelog enemies-of-carlotta-1.2.1/debian/changelog --- enemies-of-carlotta-1.2.1/debian/changelog +++ enemies-of-carlotta-1.2.1/debian/changelog @@ -1,3 +1,12 @@ +enemies-of-carlotta (1.2.1-1ubuntu0.6.06) dapper-security; urgency=low + + * SECURITY UPDATE: code execution via crafted email addresses. (LP: #76321) + * eoc.py: Execute sendmail via fork and exec, not os.popen. + * References + CVE-2006-5875 + + -- William Grant Tue, 13 Nov 2007 21:47:53 +1100 + enemies-of-carlotta (1.2.1-1) unstable; urgency=low * New upstream version. Fixes a bug that crashes the program by using a only in patch2: unchanged: --- enemies-of-carlotta-1.2.1.orig/eoc.py +++ enemies-of-carlotta-1.2.1/eoc.py @@ -80,6 +80,33 @@ def md5sum_as_hex(s): return md5.new(s).hexdigest() +def forkexec(argv, text): + """Run a command (given as argv array) and write text to its stdin""" + (r, w) = os.pipe() + pid = os.fork() + if pid == -1: + raise Exception("fork failed") + elif pid == 0: + os.dup2(r, 0) + os.close(r) + os.close(w) + fd = os.open("/dev/null", os.O_RDWR) + os.dup2(fd, 1) + os.dup2(fd, 2) + os.execvp(argv[0], argv) + sys.exit(1) + else: + os.close(r) + os.write(w, text) + os.close(w) + (pid2, exit) = os.waitpid(pid, 0) + if pid != pid2: + raise Exception("os.waitpid for %d returned for %d" % (pid, pid2)) + if exit != 0: + raise Exception("subprocess failed, exit=0x%x" % exit) + return exit + + environ = None def set_environ(new_environ): @@ -403,14 +430,8 @@ q.sendmail(envelope_sender, recipients, text) q.quit() else: - recipients = string.join(recipients, " ") - f = os.popen("%s -oi -f '%s' %s" % - (self.sendmail, - envelope_sender, - recipients), - "w") - f.write(text) - f.close() + forkexec([self.sendmail, "-oi", "-f", envelope_sender] + + recipients, text) else: debug("send_mail: no recipients, not sending")