It was reported that S3QL used the Python pickle() function in an unsafe way. A malicious storage back-end or man-in-the-middle attacker could use this flaw to execute arbitrary code. Acknowledgements: Red Hat would like to thank Nikolaus Rath for reporting this issue. References: https://www.debian.org/security/2014/dsa-3013
Created attachment 931720 [details] patch
Created s3ql tracking bugs for this issue: Affects: fedora-all [bug 1134677]
Upstream commit: https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.