desktop-packages team mailing list archive

[Bernd Dietzel <1467666@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

if espeak is installed , some functions in the script
"speechd_config.py" can be used to execute Shell Commands.

------

Demo Example from the terminal type in  :

theregrunner@mint17 : ~ $ python3
Python 3.4.0 (default, Apr 11 2014, 13:05:18) 
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import speechd_config
>>> speechd_config.options.use_espeak_synthesis=True
>>> speechd_config.report('This executes xterm but should not  ";xterm;#"' )

------

The problem is that the script uses os.system() commands when espeak is
installed

/usr/lib/python3/dist-packages/speechd_config/config.py

line 34 - 39 :

def report(msg):
    """Output information messages for the user on stdout
    and if desired, by espeak synthesis"""
    print(msg)
    if options.use_espeak_synthesis:
        os.system("espeak \"" + msg + "\"")

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: python3-speechd 0.8-5ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-37.64-generic 3.13.11.7
Uname: Linux 3.13.0-37-generic i686
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: i386
Date: Mon Jun 22 22:23:54 2015
InstallationDate: Installed on 2015-04-19 (64 days ago)
InstallationMedia: Linux Mint 17.1 "Rebecca" - Release i386 20150108
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: speech-dispatcher
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: speech-dispatcher (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 rebecca

** Attachment added: "Exploid Screenshot"
   https://bugs.launchpad.net/bugs/1467666/+attachment/4418906/+files/Screenshot.png

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to speech-dispatcher in Ubuntu.
https://bugs.launchpad.net/bugs/1467666

Title:
  speechd_config executes Shell Commands

Status in speech-dispatcher package in Ubuntu:
  New

Bug description:
  if espeak is installed , some functions in the script
  "speechd_config.py" can be used to execute Shell Commands.

  ------

  Demo Example from the terminal type in  :

  theregrunner@mint17 : ~ $ python3
  Python 3.4.0 (default, Apr 11 2014, 13:05:18) 
  [GCC 4.8.2] on linux
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import speechd_config
  >>> speechd_config.options.use_espeak_synthesis=True
  >>> speechd_config.report('This executes xterm but should not  ";xterm;#"' )

  ------

  The problem is that the script uses os.system() commands when espeak
  is installed

  /usr/lib/python3/dist-packages/speechd_config/config.py

  line 34 - 39 :

  def report(msg):
      """Output information messages for the user on stdout
      and if desired, by espeak synthesis"""
      print(msg)
      if options.use_espeak_synthesis:
          os.system("espeak \"" + msg + "\"")

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: python3-speechd 0.8-5ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-37.64-generic 3.13.11.7
  Uname: Linux 3.13.0-37-generic i686
  ApportVersion: 2.14.1-0ubuntu3.11
  Architecture: i386
  Date: Mon Jun 22 22:23:54 2015
  InstallationDate: Installed on 2015-04-19 (64 days ago)
  InstallationMedia: Linux Mint 17.1 "Rebecca" - Release i386 20150108
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SourcePackage: speech-dispatcher
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/speech-dispatcher/+bug/1467666/+subscriptions