upstream only fixed this in 3.5 which we do carry, but not other release series.
It's not that "ubuntu diddn't pick up the fix", it's the upstream that didn't apply in all applicable release series. commented on your bug report. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python2.7 in Ubuntu. https://bugs.launchpad.net/bugs/1512068 Title: Python ctypes.util , Shell Injection in find_library() Status in python2.7 package in Ubuntu: New Bug description: https://github.com/Legrandin/ctypes/issues/1 The find_library() function can execute code when special chars like ;|`<>$ are in the name. The "os.popen()" calls in the util.py script should be replaced with "subprocess.Popen()". Demo Exploits for Linux : ==================== >>> from ctypes.util import find_library >>> find_library(";xeyes") # runs xeyes >>> find_library("|xterm") # runs terminal >>> find_library("&gimp") # runs gimp >>> find_library("$(nautilus)") # runs filemanager >>> find_library(">test") # creates, and if exists, erases a file "test" ==== Traceback ==== >>> find_library("`xmessage hello`") # shows a message, press ctrl+c for Traceback ^CTraceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.4/ctypes/util.py", line 244, in find_library return _findSoname_ldconfig(name) or _get_soname(_findLib_gcc(name)) File "/usr/lib/python3.4/ctypes/util.py", line 99, in _findLib_gcc trace = f.read() KeyboardInterrupt ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: libpython2.7-stdlib 2.7.10-4ubuntu1 ProcVersionSignature: Ubuntu 4.2.0-16.19-generic 4.2.3 Uname: Linux 4.2.0-16-generic x86_64 ApportVersion: 2.19.1-0ubuntu4 Architecture: amd64 CurrentDesktop: XFCE Date: Sun Nov 1 10:34:38 2015 InstallationDate: Installed on 2015-10-09 (22 days ago) InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151009) SourcePackage: python2.7 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1512068/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp