DEBIAN-CVE-2014-1928

Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2014-1928
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2014-1928.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2014-1928
Upstream
Published
2014-10-25T21:55:03Z
Modified
2025-09-19T06:05:24Z
Summary
[none]
Details

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

References

Affected packages

Debian:11 / python-gnupg

Package

Name
python-gnupg
Purl
pkg:deb/debian/python-gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-gnupg

Package

Name
python-gnupg
Purl
pkg:deb/debian/python-gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-gnupg

Package

Name
python-gnupg
Purl
pkg:deb/debian/python-gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / python-gnupg

Package

Name
python-gnupg
Purl
pkg:deb/debian/python-gnupg?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}