[issue16248] Security bug in tkinter allows for untrusted, arbitrary code execution.
Arfrever Frehtes Taifersar Arahesis
report at bugs.python.org
Thu Aug 1 19:31:28 CEST 2013
Arfrever Frehtes Taifersar Arahesis added the comment:
The fix in 2.6, 2.7, 3.1 and 3.2 branches introduced UnboundLocalError occurring when a non-None baseName parameter is passed.
At least a part of fa82071bb7e1 should be backported to 2.6, 2.7, 3.1 and 3.2 branches.
$ python2.7 -c 'import Tkinter; print(repr(Tkinter.Tk(baseName="some_name")))'
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib64/python2.7/lib-tk/Tkinter.py", line 1748, in __init__
if not sys.flags.ignore_environment:
UnboundLocalError: local variable 'sys' referenced before assignment
$ python3.2 -c 'import tkinter; print(repr(tkinter.Tk(baseName="some_name")))'
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib64/python3.2/tkinter/__init__.py", line 1734, in __init__
if not sys.flags.ignore_environment:
UnboundLocalError: local variable 'sys' referenced before assignment
----------
resolution: fixed ->
stage: committed/rejected ->
status: closed -> open
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16248>
_______________________________________
More information about the Python-bugs-list
mailing list