This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: shutil._call_external_zip should use subprocess
Type: Stage: resolved
Components: Library (Lib) Versions: Python 2.7
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: benjamin.peterson
Priority: normal Keywords: patch

Created on 2018-08-29 05:10 by benjamin.peterson, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 8985 merged benjamin.peterson, 2018-08-29 05:14
Messages (2)
msg324301 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-08-29 05:10
disutils.spawn isn't very good at quoting command lines (#8987). We need to use subprocess to avoid shell injection.
msg324367 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-08-30 04:59
New changeset d8b103b8b3ef9644805341216963a64098642435 by Benjamin Peterson in branch '2.7':
closes bpo-34540: Convert shutil._call_external_zip to use subprocess rather than distutils.spawn. (GH-8985)
Date User Action Args
2022-04-11 14:59:05adminsetgithub: 78721
2018-08-30 04:59:25benjamin.petersonsetstatus: open -> closed
resolution: fixed
messages: + msg324367

stage: patch review -> resolved
2018-08-29 05:14:07benjamin.petersonsetkeywords: + patch
stage: patch review
pull_requests: + pull_request8458
2018-08-29 05:10:18benjamin.petersoncreate