Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: python-gnupg before 0.3.5 shell injection
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 4 Feb 2014 10:35:46 +0100

Hi,

I was criticised in the past for making CVE requests without enough
information. This is another case where I have a hard time complying to
them.

python-gnupg 0.3.5 lists in the changelog:
"Added improved shell quoting to guard against shell injection."
Source: https://code.google.com/p/python-gnupg/

Sounds like a severe security issue, but further info is lacking.
python-gnupg has no public source code repository, so I can't link to
any commit. I could obviously download the last and current version,
diff them and try to find out. But that's quite a lot of work for a CVE
request.

Despite the lack of info, please assign CVE, as I think it's a severe
issue.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: signature.asc
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]