List: oss-security
Subject: [oss-security] CVE-2014-0485: unsafe Python pickle in s3ql
From: Florian Weimer <fw () deneb ! enyo ! de>
Date: 2014-08-28 5:18:34
Message-ID: 87tx4xfaz9.fsf () mid ! deneb ! enyo ! de
Nikolaus Rath discovered a vulnerability in s3ql which can result in
remote code execution, caused by the unsafe use of Python's pickle
serialization library.
The upstream commit is here:
<https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8>
(This issue was reported privately to Debian, the distros list was
notified, and this is the public heads-up required by list policy.)
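Added example, not part of the original message, not s3ql code and not the upstream fix linked above: a general mitigation for unsafe unpickling is to override `find_class` so a stream can only reference allowlisted globals. The names `ALLOWED_GLOBALS`, `RestrictedUnpickler`, `safe_loads` and `is_rejected`, the allowlist contents and the sample data are assumptions made for this illustration.

```python
import io
import pickle
from collections import OrderedDict

# Assumed allowlist for this example: the only globals a stream may reference.
# Plain containers, numbers, str and bytes need no global lookup at all.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on the allowlist."""

    def find_class(self, module, name):
        # pickle calls find_class for each GLOBAL/STACK_GLOBAL opcode, which
        # is how a stream names the callable it wants imported and invoked.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_loads(data: bytes):
    """Deserialize untrusted bytes with the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """Return True if the stream references a global outside the allowlist."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample inputs (not taken from s3ql).
PLAIN = pickle.dumps({"inode": 42, "names": ["a", "b"], "blob": b"\x00\x01"})
ORDERED = pickle.dumps(OrderedDict(seq=1))
# Benign stand-in for a stream that references an arbitrary callable:
# pickling a builtin function emits a global reference to builtins.print.
CALLABLE_REF = pickle.dumps(print)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("ordered", ORDERED),
                        ("callable reference", CALLABLE_REF)):
        print(label, "->", "rejected" if is_rejected(blob) else "loaded")
```

Where the stored data is only plain structures, a format with no code-loading semantics (for example JSON) avoids the problem without an allowlist.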