classification
Title: shutil._call_external_zip should use subprocess
Type: Stage: resolved
Components: Library (Lib) Versions: Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: benjamin.peterson
Priority: normal Keywords: patch

Created on 2018-08-29 05:10 by benjamin.peterson, last changed 2018-08-30 04:59 by benjamin.peterson. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 8985 merged benjamin.peterson, 2018-08-29 05:14
Messages (2)
msg324301 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-08-29 05:10
disutils.spawn isn't very good at quoting command lines (#8987). We need to use subprocess to avoid shell injection.
msg324367 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-08-30 04:59
New changeset d8b103b8b3ef9644805341216963a64098642435 by Benjamin Peterson in branch '2.7':
closes bpo-34540: Convert shutil._call_external_zip to use subprocess rather than distutils.spawn. (GH-8985)
https://github.com/python/cpython/commit/d8b103b8b3ef9644805341216963a64098642435
History
Date User Action Args
2018-08-30 04:59:25benjamin.petersonsetstatus: open -> closed
resolution: fixed
messages: + msg324367

stage: patch review -> resolved
2018-08-29 05:14:07benjamin.petersonsetkeywords: + patch
stage: patch review
pull_requests: + pull_request8458
2018-08-29 05:10:18benjamin.petersoncreate