oss-sec mailing list archives
CVE Request: lshell: shell outbreak vulnerabilities via bad syntax parse and multiline commands
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 22 Aug 2016 21:54:35 +0200
Hi Two shell outbreak vulnerability for lshell, a shell coded in python, that is intended to restrict a user's environment to only a limited sets of commands. 1/ Shell outbreak due to bad syntax parse - https://github.com/ghantoos/lshell/issues/147 - https://bugs.debian.org/834949 2/ Shell outbreak with multiline commands - https://github.com/ghantoos/lshell/issues/149 - Fix: https://github.com/ghantoos/lshell/commit/e72dfcd1f258193f9aaea3591ecbdaed207661a0 - https://bugs.debian.org/834946 Could you please assign two CVEs for those lshell issues? Regards, Salvatore
Current thread:
- CVE Request: lshell: shell outbreak vulnerabilities via bad syntax parse and multiline commands Salvatore Bonaccorso (Aug 22)