Package: py2play
Version: 0.1.7-1

py2play uses Python pickle for sharing Soya objects (or other classes) over a P2P network. Pickle objects, when unpickled, contain both data and code. A malicious user on a game's P2P net can send custom classes to fellow players in order to gain access to their systems or execute malicious commands.

There is no fix to this; this flaw is at py2play's core. The maintainer of this package has been aware of this security flaw for some time and has not only ignored it, but replaced it with a new module called "tofu" which has the same vulnerability. At a minimum, users of this Python module need to be aware of this.

--
Diversity is the Fuel of Evolution, Conformity its Starvation. Be Radical. Be New. Be Different. Feed Evolution with Everything You Are.
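
An added example, not part of the original report and not py2play or tofu code: it shows the behaviour the report describes (the sender of a pickle chooses a callable that the receiver's unpickler runs) next to the standard library's allow-list pattern of overriding `Unpickler.find_class`. The names `ALLOWED_GLOBALS`, `RestrictedUnpickler`, `safe_loads`, `SenderChosenCall` and `demo` are hypothetical, the sample state is constructed, and the empty allow-list assumes a receiver that only needs plain built-in data rather than shared classes.

```python
import io
import pickle

# Globals the receiver is willing to resolve. Empty means "plain data only":
# dict, list, str, int and float need no global lookup. Assumed policy.
ALLOWED_GLOBALS = set()


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any module.name lookup that is not on the allow-list."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


class SenderChosenCall:
    """Constructed stand-in for an object received from a peer.

    __reduce__ lets the sender name a callable and its arguments, and the
    receiver's unpickler calls it. len() is used because it is harmless.
    """

    def __reduce__(self):
        return (len, ("abc",))


def demo():
    state = {"player": "alice", "pos": [1.0, 2.5], "hp": 90}  # constructed
    plain = pickle.dumps(state)
    crafted = pickle.dumps(SenderChosenCall())

    # Stock unpickling runs the named callable: the result is 3, not an object.
    stock_result = pickle.loads(crafted)

    try:
        safe_loads(crafted)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True

    # Plain data still round-trips through the restricted loader.
    return stock_result, safe_loads(plain) == state, blocked
```
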