oss-sec mailing list archives
CVE request: python-gnupg before 0.3.5 shell injection
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 4 Feb 2014 10:35:46 +0100
Hi, I was criticised in the past for making CVE requests without enough information. This is another case where I have a hard time complying to them. python-gnupg 0.3.5 lists in the changelog: "Added improved shell quoting to guard against shell injection." Source: https://code.google.com/p/python-gnupg/ Sounds like a severe security issue, but further info is lacking. python-gnupg has no public source code repository, so I can't link to any commit. I could obviously download the last and current version, diff them and try to find out. But that's quite a lot of work for a CVE request. Despite the lack of info, please assign CVE, as I think it's a severe issue. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
signature.asc
Description:
Current thread:
- CVE request: python-gnupg before 0.3.5 shell injection Hanno Böck (Feb 04)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 04)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 04)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Vinay Sajip (Feb 05)
- Re: Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 05)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Vinay Sajip (Feb 05)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 04)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)