← Back to team overview

desktop-packages team mailing list archive

[Bug 1467666] Re: speechd_config executes Shell Commands

 

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to speech-dispatcher in Ubuntu.
https://bugs.launchpad.net/bugs/1467666

Title:
  speechd_config executes Shell Commands

Status in speech-dispatcher package in Ubuntu:
  New

Bug description:
  if espeak is installed , some functions in the script
  "speechd_config.py" can be used to execute Shell Commands.

  ------

  Demo Example from the terminal type in  :

  theregrunner@mint17 : ~ $ python3
  Python 3.4.0 (default, Apr 11 2014, 13:05:18) 
  [GCC 4.8.2] on linux
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import speechd_config
  >>> speechd_config.options.use_espeak_synthesis=True
  >>> speechd_config.report('This executes xterm but should not  ";xterm;#"' )

  ------

  The problem is that the script uses os.system() commands when espeak
  is installed

  /usr/lib/python3/dist-packages/speechd_config/config.py

  line 34 - 39 :

  def report(msg):
      """Output information messages for the user on stdout
      and if desired, by espeak synthesis"""
      print(msg)
      if options.use_espeak_synthesis:
          os.system("espeak \"" + msg + "\"")

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: python3-speechd 0.8-5ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-37.64-generic 3.13.11.7
  Uname: Linux 3.13.0-37-generic i686
  ApportVersion: 2.14.1-0ubuntu3.11
  Architecture: i386
  Date: Mon Jun 22 22:23:54 2015
  InstallationDate: Installed on 2015-04-19 (64 days ago)
  InstallationMedia: Linux Mint 17.1 "Rebecca" - Release i386 20150108
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SourcePackage: speech-dispatcher
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/speech-dispatcher/+bug/1467666/+subscriptions


References