oss-sec mailing list archives
CVE-2014-0485: unsafe Python pickle in s3ql
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 28 Aug 2014 07:18:34 +0200
Nikolaus Rath discovered a vulnerability in s3ql which can result in remote code execution, caused by the unsafe use of Python's pickle serialization library. The upstream commit is here: <https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8> (This issue was reported privately to Debian, the distros list was notified, and this is the public heads-up required by list policy.)
Current thread:
- CVE-2014-0485: unsafe Python pickle in s3ql Florian Weimer (Aug 27)