Message 308572 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	vstinner
Date	2017-12-18.16:29:03
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1513614543.15.0.213398074469.issue32367@psf.upfronthosting.co.za>
In-reply-to

Content
https://security-tracker.debian.org/tracker/CVE-2017-17522 Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

https://security-tracker.debian.org/tracker/CVE-2017-17522

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

History
Date	User	Action	Args
2017-12-18 16:29:03	vstinner	set	recipients: + vstinner
2017-12-18 16:29:03	vstinner	set	messageid: <1513614543.15.0.213398074469.issue32367@psf.upfronthosting.co.za>
2017-12-18 16:29:03	vstinner	link	issue32367 messages
2017-12-18 16:29:03	vstinner	create