Message-ID: <20160822195435.naiv4hyfs6lxwenf@eldamar.local>
Date: Mon, 22 Aug 2016 21:54:35 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: CVE Request: lshell: shell outbreak vulnerabilities via bad syntax
 parse and multiline commands

Hi

Two shell outbreak vulnerabilities for lshell, a shell coded in Python,
that is intended to restrict a user's environment to only a limited
set of commands.

1/ Shell outbreak due to bad syntax parse
   - https://github.com/ghantoos/lshell/issues/147
   - https://bugs.debian.org/834949

2/ Shell outbreak with multiline commands
   - https://github.com/ghantoos/lshell/issues/149
   - Fix: https://github.com/ghantoos/lshell/commit/e72dfcd1f258193f9aaea3591ecbdaed207661a0
   - https://bugs.debian.org/834946

Could you please assign two CVEs for those lshell issues?

Regards,
Salvatore
