oss-sec mailing list archives
Re: Re: Issue with PYTHON_EGG_CACHE
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 15 Dec 2013 14:06:59 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/15/2013 01:23 PM, Jeremy Stanley wrote:
On 2013-12-15 14:47:12 -0500 (-0500), cve-assign () mitre org wrote:This message seems to disclose a vulnerability in an unspecified version of OpenStack Swift.[...]Use CVE-2013-7109 for this report about OpenStack Swift. Again, CVE-2013-7109 is not an ID for which setuptools is the affected product.I don't think this was intended as a CVE request. The OpenStack VMT had already determined this was non-exploitable in Swift over the course of https://launchpad.net/bugs/1192966 and explicitly decided not to request a CVE nor issue an advisory.
Sorry yeah I should have been more clear, I was trying to show that it's a pretty common coding pattern to use /tmp for PYTHON_EGG_CACHE, that specific instance was a bad one (it's about the only example where it isn't actually a vulnerability =). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSrhnzAAoJEBYNRVNeJnmThEIQANRpRcScoEpFlEEOqx+KD2mz ATIVF1xrH5FDAr4tY8Mtg+5QuxcUwsWj69Z0C2sgQ/1xEcNX6VJwTD9576tCBWDv x6J4ZzXhGxFvlcCi2XiKb9qgD0WUy/TeBU2+EOoT1fwhRUhvJED/4QHxcQ8RM4aW IaBUMuf/MYE/cu2mYjRqFYXCEsy+1oLHztnI361pwWa8XplKxfi+K1slw4BAof6M Kw3CsErzQQkn/g1fIH3AbruBnnbmJjaXkC3dIahOJGWZfKcYLb84i7Gr3x5Crpkg Zdr8SdqFfm8b28s1EWDDJ/M5w+LeDg6n6y/LlPkVxK3jPKAQsAm4BUwcMK5sPFV6 G4uAzOYvbjbVyPHKW5ASXqPqcXazzuy0ObPpglp9l18jECRsXYmriTY6OR/YLUMF VmzPo39VoQZ1CTB28dASrKLrtsvBzBw7ZZelUMRh+WXto1OiJtAG9VVoG+nWO4jy or+HRAGX2fzEhHsr0GPWuubzOQ/t+Q0EotJ3pdTimPtWWCla7kIDZBHvbm42VtOq emow+XFS5an8Gh2niTAyOuCmijNusUEaPSF2VfepOzHkfty9oGpRvp7K3YMVCg0Y ex2hAboT9xXshvutVFaUU/31gQTQvoEiCZkNt36SVBIeU5fTPmvBJRy6fFgyfKJ7 OCqwxY4qSu/HY6px76TV =9kSr -----END PGP SIGNATURE-----
Current thread:
- Issue with PYTHON_EGG_CACHE Grant Murphy (Dec 08)
- Re: Issue with PYTHON_EGG_CACHE cve-assign (Dec 09)
- Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 13)
- Re: Issue with PYTHON_EGG_CACHE cve-assign (Dec 15)
- Re: Re: Issue with PYTHON_EGG_CACHE Jeremy Stanley (Dec 15)
- Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 15)
- Re: Re: Issue with PYTHON_EGG_CACHE Yves-Alexis Perez (Dec 16)
- Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 16)
- Re: Re: Issue with PYTHON_EGG_CACHE Yves-Alexis Perez (Dec 17)
- Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 13)
- Re: Issue with PYTHON_EGG_CACHE cve-assign (Dec 09)