Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 28 Aug 2014 07:18:34 +0200
From: Florian Weimer <>
Subject: CVE-2014-0485: unsafe Python pickle in s3ql

Nikolaus Rath discovered a vulnerability in s3ql which can result in
remote code execution, caused by the unsafe use of Python's pickle
serialization library.

The upstream commit is here:


(This issue was reported privately to Debian, the distros list was
notified, and this is the public heads-up required by list policy.)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ