OK, i could verify that we have second bug, its in backend.py where subprocess is called.
This affects ALL scripts using the __subprocess_popen function.
hsibackend.py , lftpbackend.py , ncftpbackend.py , rsyncbackend.py , sxbackend.py , tahoebackend.py
Exploit demo : ===========
$ duplicity /tmp/ 'rsync://user@host//;xmessage hello bug;#/test'
OK, i could verify that we have second bug, its in backend.py where subprocess is called.
This affects ALL scripts using the __subprocess_popen function.
hsibackend.py , lftpbackend.py , ncftpbackend.py , rsyncbackend.py , sxbackend.py , tahoebackend.py
Exploit demo :
===========
$ duplicity /tmp/ 'rsync: //user@ host//; xmessage hello bug;#/test'