[Secure-testing-team] Bug#575780: CVE-2008-5983
Giuseppe Iuculano
iuculano at debian.org
Mon Mar 29 08:08:57 UTC 2010
Package: python3.1
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python3.1.
CVE-2008-5983[0]:
| Untrusted search path vulnerability in the PySys_SetArgv API function
| in Python 2.6 and earlier, and possibly later versions, prepends an
| empty string to sys.path when the argv[0] argument does not contain a
| path separator, which might allow local users to execute arbitrary
| code via a Trojan horse Python file in the current working directory.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983
http://security-tracker.debian.org/tracker/CVE-2008-5983
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuwYBgACgkQNxpp46476apUfACeOqk0rUpOxljjCfg/e2VSAY5g
Ac8An0QKMApQZJxeZ8l4U3JucnpwwYAu
=tS8a
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list