oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: python-pip insecure temporary directory handling

From: David Black <disclosure () d1b org>
Date: Fri, 22 Mar 2013 19:20:36 +1100
On Fri, Mar 22, 2013 at 5:28 PM, Kurt Seifried <kseifried () redhat com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/20/2013 08:13 AM, David Black wrote:

Prior to version 1.3 pip used '/tmp/pip-build' as a temporary
directory and as per the report in
https://github.com/pypa/pip/issues/725 would follow a symbolic
link placed at '/tmp/pip-build' when writing temporary files.



Is this the one actually fixed in
https://github.com/pypa/pip/pull/780/files

? thanks.


Yes it is.
Previous By Date Next
Previous By Thread Next

Current thread: