This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author TheRegRunner
Recipients TheRegRunner, dstufft, eric.araujo
Date 2015-11-14.21:13:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>

File :

Line 358 :
This line in the code uses the depreached os.popen command, should be replaced with subprocess.Popen() :

out = os.popen(q_cmd)

Exploit demo :
1) Download the script witch i attached
2) Create a test folder an put the script in this folder
3) cd to the test folder
4) python bdist_rpm
5) A xmessage window pops up as a proof of concept
Date User Action Args
2015-11-14 21:13:32TheRegRunnersetrecipients: + TheRegRunner, eric.araujo, dstufft
2015-11-14 21:13:32TheRegRunnersetmessageid: <>
2015-11-14 21:13:32TheRegRunnerlinkissue25627 messages
2015-11-14 21:13:32TheRegRunnercreate