python-dbusmock 0.10.1-1ubuntu1 source package in Ubuntu
Changelog
python-dbusmock (0.10.1-1ubuntu1) trusty-security; urgency=medium
* SECURITY FIX: When loading a template from an arbitrary file through the
AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template()
Python method, don't create or use Python's *.pyc cached files. By
tricking a user into loading a template from a world-writable directory
like /tmp, an attacker could run arbitrary code with the user's
privileges by putting a crafted .pyc file into that directory.
Note that this is highly unlikely to actually appear in practice as custom
dbusmock templates are usually shipped in project directories, not
directly in world-writable directories.
(LP: #1453815, CVE-2015-1326)
-- Martin Pitt <email address hidden> Tue, 12 May 2015 13:26:28 +0200
Upload details
- Uploaded by:
- Martin Pitt
- Sponsored by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Trusty | updates | main | misc | |
| Trusty | security | main | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-dbusmock_0.10.1.orig.tar.gz | 54.4 KiB | 03aadc93bdc26ea18d4d78fcff7b6cb34f4e18623bc5cc41cf9539d663cee11e |
| python-dbusmock_0.10.1-1ubuntu1.debian.tar.gz | 4.7 KiB | e7902718167a1a50ddb7197e49fab875c8f78d142ab5fbf7960917dec27bbd0e |
| python-dbusmock_0.10.1-1ubuntu1.dsc | 2.4 KiB | 95d4b64bd9b856cef588c49100c3d3aacca6e10fee8f70245974fe4dc9cf2658 |
Available diffs
Binary packages built by this source
- python-dbusmock: mock D-Bus objects for tests (Python 2)
With python-dbusmock you can easily create mock objects on D-Bus. This is
useful for writing tests for software which talks to D-Bus services such as
upower, systemd, ConsoleKit, gnome-session or others, and it is hard (or
impossible without root privileges) to set the state of the real services to
what you expect in your tests.
.
Mock objects look like the real API (or at least the parts that you actually
need), but they do not actually do anything (or only some action that you
specify yourself). You can configure their state, behaviour and responses as
you like in your test, without making any assumptions about the real system
status.
.
You can use this with any programming language, as you can run the mocker as a
normal program. The actual setup of the mock (adding objects, methods,
properties, etc.) all happen via D-Bus methods on the
org.freedesktop.DBus. Mock interface. You just don't have the convenience
D-Bus launch API that way.
- python3-dbusmock: mock D-Bus objects for tests (Python 3)
With python-dbusmock you can easily create mock objects on D-Bus. This is
useful for writing tests for software which talks to D-Bus services such as
upower, systemd, ConsoleKit, gnome-session or others, and it is hard (or
impossible without root privileges) to set the state of the real services to
what you expect in your tests.
.
Mock objects look like the real API (or at least the parts that you actually
need), but they do not actually do anything (or only some action that you
specify yourself). You can configure their state, behaviour and responses as
you like in your test, without making any assumptions about the real system
status.
.
You can use this with any programming language, as you can run the mocker as a
normal program. The actual setup of the mock (adding objects, methods,
properties, etc.) all happen via D-Bus methods on the
org.freedesktop.DBus. Mock interface. You just don't have the convenience
D-Bus launch API that way.
