oss-sec mailing list archives
Re: CVE Request: Insecure Software Download in pip
From: Donald Stufft <donald () stufft io>
Date: Wed, 7 Aug 2013 13:23:14 -0400
On Jul 31, 2013, at 4:11 AM, Kurt Seifried <kseifried () redhat com> wrote:
Ok I have no info on that CVE, is it embargoed? I can't find it in google after a quick search. I need to see that one before I can assign anything. As for the reserved thing:
This CVE has been fixed, and it is for the issue where pip prior to 1.3 did not download from the central repository using TLS https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1629 So back to the question of mirroring, possible to get a CVE for that now? :) ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Re: CVE Request: Insecure Software Download in pip, (continued)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 29)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 30)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Raphael Geissert (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 03)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 07)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Aug 21)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 21)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Aug 21)