mailing list archives
Re: CVE request: distutils creates ~/.pypirc insecurely
From: Jakub Wilk <jwilk () jwilk net>
Date: Tue, 27 Mar 2012 16:39:37 +0200
* Vincent Danen <vdanen () redhat com>, 2012-03-27, 08:15:
Standard flaw where a file that contains a username and password is
written with insecure permissions. This only affects python 2.6 and
I see the vulnerable code in Python 2.3.7, 2.4.6 and 2.5.6, too.