Source: python-gnupg Severity: grave Tags: security upstream Justification: user security hole
Hi, the following vulnerabilities were published for python-gnupg. CVE-2013-7323[0]: Unrestricted use of unquoted strings in a shell CVE-2014-1927[1]: Erroneous assumptions about the usability of " characters CVE-2014-1928[2]: Erroneous insertion of a \ character allowing shell injection in python-gnupg. Plase see the treat on oss-security about more details for each of these isues[3]. Note I have not (yet) checked which of the three CVEs still apply to the 0.3.5 version. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7323 http://security-tracker.debian.org/tracker/CVE-2013-7323 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1927 http://security-tracker.debian.org/tracker/CVE-2014-1927 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1928 http://security-tracker.debian.org/tracker/CVE-2014-1928 [3] http://www.openwall.com/lists/oss-security/2014/02/09/1 Please adjust the affected versions in the BTS as needed. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
