
List:       oss-security
Subject:    [oss-security] CVE-2014-0485: unsafe Python pickle in s3ql
From:       Florian Weimer <fw () deneb ! enyo ! de>
Date:       2014-08-28 5:18:34
Message-ID: 87tx4xfaz9.fsf () mid ! deneb ! enyo ! de

Nikolaus Rath discovered a vulnerability in s3ql which can result in
remote code execution, caused by the unsafe use of Python's pickle
serialization library.

The upstream commit is here:

  <https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8>

(This issue was reported privately to Debian, the distros list was
notified, and this is the public heads-up required by list policy.)
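
Added example, not part of the original message and not s3ql's code or the upstream fix: why loading an untrusted pickle is unsafe, and the allow-list `Unpickler.find_class` pattern from the Python documentation that refuses such input. The names `SAFE_GLOBALS`, `RestrictedUnpickler`, `restricted_loads`, `CallsOnLoad` and `demo` are hypothetical, and the crafted sample is constructed to call only a harmless builtin.

```python
import io
import pickle

# Assumption: an allow-list of plain data types, chosen for this example only.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on the allow-list."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() on data from an untrusted source."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class CallsOnLoad:
    """Constructed sample: its pickle tells the loader to call a builtin."""

    def __reduce__(self):
        # The callable and arguments are chosen by whoever wrote the pickle.
        return (sorted, ([3, 1, 2],))


def demo():
    plain = pickle.dumps({"name": "obj1", "size": 42, "tags": {"a", "b"}})
    crafted = pickle.dumps(CallsOnLoad())
    results = {"plain": restricted_loads(plain)}
    # pickle.loads() runs the embedded call while loading and returns its result.
    results["unsafe_crafted"] = pickle.loads(crafted)
    try:
        restricted_loads(crafted)
        results["restricted_crafted"] = "loaded"
    except pickle.UnpicklingError as exc:
        results["restricted_crafted"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    print(demo())
```

Where the stored data is only strings, numbers and containers, a format that cannot name callables at all (such as JSON) removes the problem instead of filtering it.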