Viewing all changes in revision 3112.
- Committer: Martin Pitt
- Date: 2016-12-18 12:49:43 UTC
- Revision ID: martin.pitt@canonical.com-20161218124943-rn79hmqwgz0uetkv
Restrict a report's CrashDB field to literals
Use ast.literal_eval() instead of the generic eval(), to prevent arbitrary code
execution from malicious .crash files. A user could be tricked into opening a
crash file whose CrashDB field contains an exec(), open(), or similar commands;
this is fairly easy as we install a MIME handler for these.
Thanks to Donncha O'Cearbhaill for discovering this!
CVE-2016-9949
LP: #1648806
Use ast.literal_eval() instead of the generic eval(), to prevent arbitrary code
execution from malicious .crash files. A user could be tricked into opening a
crash file whose CrashDB field contains an exec(), open(), or similar commands;
this is fairly easy as we install a MIME handler for these.
Thanks to Donncha O'Cearbhaill for discovering this!
CVE-2016-9949
LP: #1648806
- files modified:
- NEWS
expand all
collapse all
added
removed
