Diffstat (limited to 'debian/patches/CVE-2020-15703.patch')
-rw-r--r--debian/patches/CVE-2020-15703.patch16
1 files changed, 0 insertions, 16 deletions
diff --git a/debian/patches/CVE-2020-15703.patch b/debian/patches/CVE-2020-15703.patch
deleted file mode 100644
index caf9360..0000000
--- a/debian/patches/CVE-2020-15703.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: Reject locales with full path
- _parse_localename() treats "/tmp/a." as a locale with language "/tmp/a" and
- empty region, so add an extra safety check.
-Author: Julian Andres Klode <juliank@ubuntu.com>
-Bug: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235
---- a/aptdaemon/core.py
-+++ b/aptdaemon/core.py
-@@ -821,6 +821,8 @@ class Transaction(DBusObject):
- """
- if self.status != enums.STATUS_SETTING_UP:
- raise errors.TransactionAlreadyRunning()
-+ if "/" in str(locale_str):
-+ raise ValueError("Security exception: Absolute path for locale")
- try:
- # ensure locale string is str() and not dbus.String()
- (lang, encoding) = locale._parse_localename(str(locale_str))