oss-sec mailing list archives
Re: CVE Request: Insecure Software Download in pip
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 21 Aug 2013 14:19:09 -0600
On 08/07/2013 11:23 AM, Donald Stufft wrote:
> On Jul 31, 2013, at 4:11 AM, Kurt Seifried <kseifried () redhat com> wrote:
>
>> Ok I have no info on that CVE, is it embargoed? I can't find it in google after a quick search. I need to see that one before I can assign anything. As for the reserved thing:
>
> This CVE has been fixed, and it is for the issue where pip prior to 1.3 did not download from the central repository using TLS
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1629
>
> So back to the question of mirroring, possible to get a CVE for that now? :)
>
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Ack sorry catching up. Please use CVE-2013-4266 for the insecure mirroring stuff. Can you post the Python bug URL for this again? thanks.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993