oss-sec mailing list archives
Re: CVE Request: Insecure Software Download in pip
From: Raphael Geissert <geissert () debian org>
Date: Wed, 31 Jul 2013 10:33:09 +0200
On 31 July 2013 10:11, Kurt Seifried <kseifried () redhat com> wrote:
On 07/30/2013 12:44 PM, Donald Stufft wrote:There was a CVE for pip not verifying TLS, https://access.redhat.com/security/cve/CVE-2013-1629 However that says it was RESERVED so I'm not sure how to make that unreserved? I've not done much with requesting CVEs before.Ok I have no info on that CVE, is it embargoed? I can't find it in google after a quick search. I need to see that one before I can assign anything.
From the bugzilla info: "source=debian", and looking at our tracker:
https://security-tracker.debian.org/tracker/CVE-2013-1629 points to: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710163 I don't know who assigned the id, however. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE Request: Insecure Software Download in pip Donald Stufft (Jul 25)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 27)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 29)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 30)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Raphael Geissert (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 03)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 07)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Aug 21)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 21)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Aug 21)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 27)