oss-sec mailing list archives
Re: CVE request: distutils creates ~/.pypirc insecurely
From: Jakub Wilk <jwilk () jwilk net>
Date: Tue, 27 Mar 2012 16:39:37 +0200
* Vincent Danen <vdanen () redhat com>, 2012-03-27, 08:15:
Standard flaw where a file that contains a username and password is written with insecure permissions. This only affects python 2.6 and higher.
I see the vulnerable code in Python 2.3.7, 2.4.6 and 2.5.6, too. -- Jakub Wilk
Current thread:
- CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
- Re: CVE request: distutils creates ~/.pypirc insecurely Jakub Wilk (Mar 27)
- Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
- Re: CVE request: distutils creates ~/.pypirc insecurely Kurt Seifried (Mar 27)
- Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
- Re: CVE request: distutils creates ~/.pypirc insecurely Kurt Seifried (Mar 27)
- Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
- Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
- Re: CVE request: distutils creates ~/.pypirc insecurely Jakub Wilk (Mar 27)