As far as I know, this is intentional. Where is this problematic? You should not use this for unvalidated externally provided commands.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1694007 Title: externalcommand.py : Shell injection with a Path name To manage notifications about this bug go to: https://bugs.launchpad.net/bzr/+bug/1694007/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
