Re: Re: Issue with PYTHON_EGG_CACHE
From: Yves-Alexis Perez <corsac () debian org>
Date: Mon, 16 Dec 2013 18:14:56 +0100
On Sun, Dec 15, 2013 at 02:06:59PM -0700, Kurt Seifried wrote:
> On 12/15/2013 01:23 PM, Jeremy Stanley wrote:
> > On 2013-12-15 14:47:12 -0500 (-0500), cve-assign () mitre org wrote:
> > > This message seems to disclose a vulnerability in an unspecified
> > > version of OpenStack Swift.
> > > Use CVE-2013-7109 for this report about OpenStack Swift. Again,
> > > CVE-2013-7109 is not an ID for which setuptools is the affected
> >
> > I don't think this was intended as a CVE request. The OpenStack
> > VMT had already determined this was non-exploitable in Swift over
> > the course of https://launchpad.net/bugs/1192966 and explicitly
> > decided not to request a CVE nor issue an advisory.
>
> Sorry yeah I should have been more clear, I was trying to show that
> it's a pretty common coding pattern to use /tmp for PYTHON_EGG_CACHE,
> that specific instance was a bad one (it's about the only example
> where it isn't actually a vulnerability =).

Does this mean CVE-2013-7109 should be REJECTed or not?