looks like this is a won't fix ...
** Changed in: python2.7 (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1529857
Title:
Possible Shell Code injection when
can you give me an example where one can use it to do something bad and
doesn't have access to root already?
"exploit" demo is funny, though :)
Here's another one: `su root -c 'echo foo'` ;)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Another nice find Bernd, but package names are restricted to include
only:
lower case letters (a-z), digits (0-9), plus (+) and minus (-) signs,
and periods (.). They must be at least two characters long and must
start with an alphanumeric character.
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross