CVE-2015-5652
Published: 6 October 2015
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."
Notes
| Author | Note |
|---|---|
| sbeattie | Windows only and upstream isn't going to fix, ignoring |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
python2.7 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(Windows only)
|
| cosmic |
Not vulnerable
(Windows only)
|
|
| precise |
Not vulnerable
(Windows only)
|
|
| trusty |
Not vulnerable
(Windows only)
|
|
| upstream |
Needed
|
|
| vivid |
Not vulnerable
(Windows only)
|
|
| xenial |
Not vulnerable
(Windows only)
|
|
|
python3.2 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(Windows only)
|
| trusty |
Does not exist
|
|
| upstream |
Needed
|
|
| vivid |
Does not exist
|
|
|
python3.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(Windows only)
|
|
| upstream |
Needed
|
|
| vivid |
Not vulnerable
(Windows only)
|
|
| xenial |
Does not exist
|
|
|
python3.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(Windows only)
|
|
| upstream |
Needed
|
|
| vivid |
Does not exist
|
|
| xenial |
Not vulnerable
(Windows only)
|