Candidate: CVE-2014-1928
PublicDate: 2014-10-25 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1928
 http://www.openwall.com/lists/oss-security/2014/02/09/1
Description:
 The shell_quote function in python-gnupg 0.3.5 does not properly escape
 characters, which allows context-dependent attackers to execute arbitrary
 code via shell metacharacters in unspecified vectors, as demonstrated using
 "\" (backslash) characters to form multi-command sequences, a different
 vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because
 of an incomplete fix for CVE-2013-7323.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_python-gnupg:
upstream_python-gnupg: released (0.3.6-1)
lucid_python-gnupg: DNE
precise_python-gnupg: DNE
quantal_python-gnupg: ignored (reached end-of-life)
saucy_python-gnupg: ignored (reached end-of-life)
trusty_python-gnupg: not-affected (0.3.6-1)
trusty/esm_python-gnupg: not-affected (0.3.6-1)
utopic_python-gnupg: ignored (reached end-of-life)
vivid_python-gnupg: ignored (reached end-of-life)
vivid/stable-phone-overlay_python-gnupg: not-affected
vivid/ubuntu-core_python-gnupg: not-affected
wily_python-gnupg: ignored (reached end-of-life)
xenial_python-gnupg: not-affected (0.3.8-2)
yakkety_python-gnupg: not-affected (0.3.8-3ubuntu2)
devel_python-gnupg: not-affected