[issue29125] Shell injection via TIX_LIBRARY when using tkinter.tix
Larry Hastings
report at bugs.python.org
Mon Jan 2 10:43:20 EST 2017
Larry Hastings added the comment:
This code hasn't changed in years. So while I believe it's a security bug and should be fixed, I don't know if I agree it's a bad enough security bug to stop Python 3.5.3rc1, which is literally in the middle of the release process.
I'm guessing this is easily fixed (if not os.path.isfile(tixlib): return), so how about we release 3.5.3rc1 with this bug and I'll cherry-pick this fix for 3.5.3 final.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29125>
_______________________________________