Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: Issue with PYTHON_EGG_CACHE
From: Yves-Alexis Perez <corsac () debian org>
Date: Mon, 16 Dec 2013 18:14:56 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Sun, Dec 15, 2013 at 02:06:59PM -0700, Kurt Seifried wrote:
On 12/15/2013 01:23 PM, Jeremy Stanley wrote:
On 2013-12-15 14:47:12 -0500 (-0500), cve-assign () mitre org wrote:
This message seems to disclose a vulnerability in an unspecified 
version of OpenStack Swift.
[...]
Use CVE-2013-7109 for this report about OpenStack Swift. Again, 
CVE-2013-7109 is not an ID for which setuptools is the affected 
product.

I don't think this was intended as a CVE request. The OpenStack
VMT had already determined this was non-exploitable in Swift over
the course of https://launchpad.net/bugs/1192966 and explicitly
decided not to request a CVE nor issue an advisory.


Sorry yeah I should have been more clear, I was trying to show that
it's a pretty common coding pattern to use /tmp for PYTHON_EGG_CACHE,
that specific instance was a bad one (it's about the only example
where it isn't actually a vulnerability =).

Does this mean CVE-2013-7109 should be REJECTed or not?

Regards,
- -- 
Yves-Alexis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBCgAGBQJSrzUMAAoJEG3bU/KmdcClvrkH/2BEhKHg11/3i5+d12QzHjdl
LsvKQxgTslOVE4S9Pej++rGUrEx+HtKw09nosCg0kp/8X75nH0NScr78UvW0g9/L
azpqkBPSPK42FktL1z+V8igiv5gS0WNQfILV6lXMhvNng18VO0+FIkDuBZYKXFw3
C5i8geFsLKrFwJT0n3nUAm6o8eaTW2sGt5SINA8enGJHV0hFRqZ7reI/fiRbiVmw
4QzIPlkFukVPnbTyUN47NXIvhlyP/mcy0d5dh0HNt/6/TKbflhHBnB7wjskJS3Cm
dgj+75e3hdllqP0McTCt8uPvVadtLYtHzAr/6BdevNrAh4jk4jAilp0Y3HO04C4=
=XegA
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]