Date: Mon, 22 Aug 2016 21:54:35 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: CVE Request: lshell: shell outbreak vulnerabilities via bad syntax parse and multiline commands Hi Two shell outbreak vulnerability for lshell, a shell coded in python, that is intended to restrict a user's environment to only a limited sets of commands. 1/ Shell outbreak due to bad syntax parse - https://github.com/ghantoos/lshell/issues/147 - https://bugs.debian.org/834949 2/ Shell outbreak with multiline commands - https://github.com/ghantoos/lshell/issues/149 - Fix: https://github.com/ghantoos/lshell/commit/e72dfcd1f258193f9aaea3591ecbdaed207661a0 - https://bugs.debian.org/834946 Could you please assign two CVEs for those lshell issues? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.