[issue32367] [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings

[Michał Radwański]

Change by Michał Radwański :


--
pull_requests: +8277

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32367] [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings

[Ned Deily]

Ned Deily  added the comment:

And Red Hat has already closed their version of this as NOTABUG:
 
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-17522

It seems nearly everyone is agreement that this is not a security issue.

--
resolution:  -> not a bug
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32367] [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings

[Ned Deily]

Ned Deily  added the comment:

Update: https://security-tracker.debian.org/tracker/CVE-2017-17522

"** DISPUTED [...] NOTE: a software maintainer indicates that exploitation is 
impossible because the code relies on subprocess.Popen and the default 
shell=False setting."

--
nosy: +ned.deily

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32367] [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings

[Antoine Pitrou]

Change by Antoine Pitrou :


--
priority: normal -> high

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32367] [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings

[STINNER Victor]

Change by STINNER Victor :


--
nosy: +martin.panter

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32367] [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings

[Charalampos Stratakis]

Change by Charalampos Stratakis :


--
nosy: +cstratak

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32367] [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings

[STINNER Victor]

STINNER Victor  added the comment:

Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-17522
Ubuntu: 
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17522.html
SUSE: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2017-17522

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32367] [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings

[STINNER Victor]

Change by STINNER Victor :


--
title: CVE-2017-17522: webbrowser.py in Python does not validate strings -> 
[Security] CVE-2017-17522: webbrowser.py in Python does not validate strings

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com