Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: python-pip insecure temporary directory handling
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 22 Mar 2013 00:28:44 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/20/2013 08:13 AM, David Black wrote:
Prior to version 1.3 pip used '/tmp/pip-build' as a temporary 
directory and as per the report in 
https://github.com/pypa/pip/issues/725 would follow a symbolic
link placed at '/tmp/pip-build' when writing temporary files.


Is this the one actually fixed in
https://github.com/pypa/pip/pull/780/files

? thanks.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRS/obAAoJEBYNRVNeJnmTZLoP/jKyjznzB0IIFJ9MP0fR8lh3
JtxidUWEPpTBBse74c/xEpI3K5k+atITJKryvLDJzCYzeRziNo8vX5MU1j/ok0tP
wLrSnP9zVd0lRQBdr4C9Ym8m+/D+RLtRmJqhCV9ijXrTuNJblogyEJBC08JR6wuR
mDGejMmw895KRh+23O5vW38GLR4nk6hyyPHwFVgNWSc+28yrSj/M472Mq9QmnpwV
l7wcep5G91SoIMMQHV2iDUzBvOktIzdI0kxLfZFZjfyUS9mLJ8lfgCyHXjJ/05fk
08C3T3bLjjgkl/5F7wtrsnRFfBkzeML348D6H/+A7B6okdPGAsaBtMK1oAe7d/dl
KrjQqmya4DY53BejghuCzo00NJUfTo1i8FbNPYZCHVj73FivBxjeDss7btVWpFYo
06lidSqEt5Huy/n6AYGOU8zm9FCebrtm7SfD1KMQnW+3ZOmMfAieztdfuxzNwOeT
N4+9LYsx1TtVXUZknfMCJQKX1xIPtU7B420gQZMlbvQaPFuyVSx0l7JLlnSaYz45
PNrVZvqDfdpicacPMdS3HXCJUy6WEYElJetiiZjPrK6ccBeNa3NCuWQBkcMg5Pno
kT7pMW0n0V5YlCNSHDg2/Itj+hanWp5iK96wqmm+JrKCxRxzOpx0lTp8NCiaHRzh
ccwj9wn5r/djvEingyi0
=WU5i
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]