oss-sec mailing list archives

Re: CVE request: python-gnupg before 0.3.5 shell injection

From: Hanno Böck <hanno () hboeck de>
Date: Thu, 6 Feb 2014 09:52:07 +0100

Upstream has now released 0.3.6:
Fixed  Issue #98 : Rectified problems with earlier fix for shell
injection.
https://code.google.com/p/python-gnupg/

CVE request is still pending. I think we now need two:
1. Shell injection partly fixed in 0.3.5.
2. Incomplete fix for shell injection fixed in 0.3.6.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: signature.asc
Description:

Current thread:

CVE request: python-gnupg before 0.3.5 shell injection Hanno Böck (Feb 04)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)
  - Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 04)
    - Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)
    - Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)
    - Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 04)
    - Re: CVE request: python-gnupg before 0.3.5 shell injection Vinay Sajip (Feb 05)
    - Re: Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 05)
    - Re: CVE request: python-gnupg before 0.3.5 shell injection Vinay Sajip (Feb 05)
  - Re: CVE request: python-gnupg before 0.3.5 shell injection Matthew Daley (Feb 04)
- Re: CVE request: python-gnupg before 0.3.5 shell injection Hanno Böck (Feb 06)
  - Re: CVE request: python-gnupg before 0.3.5 shell injection cve-assign (Feb 09)
    - Re: Re: CVE request: python-gnupg before 0.3.5 shell injection Simon McVittie (Feb 10)
    - Re: CVE request: python-gnupg before 0.3.5 shell injection cve-assign (Feb 12)