CVE-2014-0485

NameCVE-2014-0485
DescriptionS3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-3013-1
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
s3ql (PTS)wheezy, wheezy (security)1.11.1-3+deb7u1fixed
jessie2.11.1+dfsg-3fixed
stretch2.21+dfsg-3fixed
buster, sid2.23+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
s3qlsource(unstable)2.10.1+dfsg-4high
s3qlsourcewheezy1.11.1-3+deb7u1highDSA-3013-1

Search for package or bug name: Reporting problems