Bug#651204: CVE-2011-4405 fixed in wheezy, not in squeeze

Guido Günther agx at sigxcpu.org
Tue Jul 24 10:43:29 UTC 2012


On Tue, Jul 24, 2012 at 10:09:27AM +0200, Didier 'OdyX' Raboud wrote:
> tags 651204 +patch
> thanks
> 
> Le mercredi, 30 mai 2012 11.47:05, Thijs Kinkhorst a écrit :
> > Hi,
> > 
> > Wheezy and sid contain a patch for this issue. Squeeze seems still
> > affected. Are you able to provide an updated package for squeeze?
> 
> Would the attached patch do the job for Squeeze?

It looks good to me. I didn't get around to implement something similar
since ages since I didn't have a test system to run this on. Could you
test this on a Squeeze box? If so I'd be happy about an NMU.
Cheers,
 -- Guido

> 
> OdyX

> From: Till Kamppeter <till.kamppeter at gmail.com>
> Date: Tue, 13 Dec 2011 20:54:26 +0100
> Subject: Fix MITM via unencrypted metadata download
> 
> Adapted to Squeeze by Didier Raboud <odyx at debian.org> on Tue Jul 24 10:09:16 CEST 2012.
> 
> Closes: #651204
> ---
>  cupshelpers/openprinting.py |   35 +++++++++++++++++++++++------------
>  1 files changed, 23 insertions(+), 12 deletions(-)
> 
> --- a/cupshelpers/openprinting.py
> +++ b/cupshelpers/openprinting.py
> @@ -19,7 +19,7 @@
>  ## along with this program; if not, write to the Free Software
>  ## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
>  
> -import urllib, httplib, platform, threading, tempfile, traceback
> +import pycurl,urllib, httplib, platform, threading, tempfile, traceback
>  import os, sys
>  from xml.etree.ElementTree import XML
>  from . import Device
> @@ -42,10 +42,18 @@
>          self.parameters = parameters
>          self.callback = callback
>          self.user_data = user_data
> +        self.result = ""
>  
>          self.setDaemon (True)
>  
>      def run (self):
> +
> +        # Callback function for pycURL collecting the data coming from
> +        # the web server
> +        def collect_data(result):
> +            self.result += result;
> +            return len(result)
> +
>          # CGI script to be executed
>          query_command = "/query.cgi"
>          # Headers for the post request
> @@ -55,26 +63,26 @@
>                    (urllib.urlencode (self.parameters),
>                     self.parent.language[0],
>                     self.parent.language[0]))
> -        self.url = "http://%s%s?%s" % (self.parent.base_url, query_command, params)
> +        self.url = "https://%s%s?%s" % (self.parent.base_url, query_command, params)
>          # Send request
> -        result = None
> +        self.result = ""
>          status = 1
>          try:
> -            conn = httplib.HTTPConnection(self.parent.base_url)
> -            conn.request("POST", query_command, params, headers)
> -            resp = conn.getresponse()
> -            status = resp.status
> -            if status == 200:
> -                result = resp.read()
> -            conn.close()
> +            curl = pycurl.Curl()
> +            curl.setopt(pycurl.SSL_VERIFYPEER, 1)
> +            curl.setopt(pycurl.SSL_VERIFYHOST, 2)
> +            curl.setopt(pycurl.WRITEFUNCTION, collect_data)
> +            curl.setopt(pycurl.URL, self.url)
> +            status = curl.perform()
> +            if status == None: status = 0
> +            if (status != 0):
> +                self.result = sys.exc_info ()
>          except:
> -            result = sys.exc_info ()
> -
> -        if status == 200:
> -            status = 0
> +            self.result = sys.exc_info ()
> +            if status == None: status = 0
>  
>          if self.callback != None:
> -            self.callback (status, self.user_data, result)
> +            self.callback (status, self.user_data, self.result)
>  
>  class OpenPrinting:
>      def __init__(self, language=None):




More information about the pkg-gnome-maintainers mailing list