Launchpad CVE tracker

CVE 2015-20107

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

Related bugs and status

CVE-2015-20107 (Candidate) is related to these bugs:

Bug #1982108: SRU: update python3.10 to the 3.10.5 release in 22.04 LTS

		In	Importance	Status
1982108	SRU: update python3.10 to the 3.10.5 release in 22.04 LTS	python3.10 (Ubuntu)	Undecided	Confirmed
1982108	SRU: update python3.10 to the 3.10.5 release in 22.04 LTS	python3.10 (Ubuntu Jammy)	Undecided	Fix Released
1982108	SRU: update python3.10 to the 3.10.5 release in 22.04 LTS	python3-stdlib-extensions (Ubuntu)	Undecided	Confirmed
1982108	SRU: update python3.10 to the 3.10.5 release in 22.04 LTS	python3-stdlib-extensions (Ubuntu Jammy)	Undecided	Fix Committed
1982108	SRU: update python3.10 to the 3.10.5 release in 22.04 LTS	python3-defaults (Ubuntu)	Undecided	New
1982108	SRU: update python3.10 to the 3.10.5 release in 22.04 LTS	python3-defaults (Ubuntu Jammy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-20107

References