oss-sec mailing list archives
Re: CVE Request: python-pip insecure temporary directory handling
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 22 Mar 2013 00:28:44 -0600
On 03/20/2013 08:13 AM, David Black wrote:
> Prior to version 1.3 pip used '/tmp/pip-build' as a temporary directory and as per the report in https://github.com/pypa/pip/issues/725 would follow a symbolic link placed at '/tmp/pip-build' when writing temporary files.
Is this the one actually fixed in https://github.com/pypa/pip/pull/780/files ?

Thanks.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
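The issue quoted above, a fixed '/tmp/pip-build' path that is followed when it is a symbolic link, can be guarded against as in the following added example. It is not code from this thread or from pip, and the function names are hypothetical. It assumes a POSIX system and a sticky-bit parent directory such as /tmp.

```python
import os
import stat
import tempfile


def is_safe_private_dir(path, uid=None):
    """True only if path is a real directory (not a symlink), owned by uid,
    and not writable by group or others."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat inspects the link itself, never its target
    except FileNotFoundError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == uid
            and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def fixed_build_dir(base, name="pip-build"):
    """Predictable-name pattern: reuse base/name, but refuse it unless safe."""
    path = os.path.join(base, name)
    try:
        # mkdir fails with EEXIST if anything is already there, including a
        # symlink (dangling or not), so it never creates through a link.
        os.mkdir(path, 0o700)
    except FileExistsError:
        if not is_safe_private_dir(path):
            raise PermissionError(f"refusing pre-existing build dir: {path}")
    return path


def private_build_dir(base=None):
    """Preferred pattern: unpredictable name, created atomically, mode 0700."""
    return tempfile.mkdtemp(prefix="pip-build-", dir=base)
```

With a sticky-bit parent, a directory that passes `is_safe_private_dir` cannot be renamed or replaced by another unprivileged user, which is what makes reuse of the fixed name acceptable in `fixed_build_dir`.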