Author vstinner
Recipients vstinner
Date 2017-12-18.16:29:03
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1513614543.15.0.213398074469.issue32367@psf.upfronthosting.co.za>
In-reply-to
Content
https://security-tracker.debian.org/tracker/CVE-2017-17522

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
History
Date User Action Args
2017-12-18 16:29:03vstinnersetrecipients: + vstinner
2017-12-18 16:29:03vstinnersetmessageid: <1513614543.15.0.213398074469.issue32367@psf.upfronthosting.co.za>
2017-12-18 16:29:03vstinnerlinkissue32367 messages
2017-12-18 16:29:03vstinnercreate