CVE-2019-7653

Priority
Description
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI
tools that can load Python modules from the current working directory,
allowing code injection, because "python -m" looks in this directory, as
demonstrated by rdf2dot. This issue is specific to use of the
debian/scripts directory.
Notes
mdeslaurpython-rdflib-tools binary package is in universe
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.1.2-3+deb8u1build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):not-affected (4.2.2-2)
Ubuntu 20.10 (Groovy Gorilla):not-affected (4.2.2-2)
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2020-09-23 18:15:36 UTC (commit 2c8b3f288f464edea579edebb1bb8b06ec12c74b)