oss-sec mailing list archives

Re: Re: Issue with PYTHON_EGG_CACHE


From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 15 Dec 2013 14:06:59 -0700

On 12/15/2013 01:23 PM, Jeremy Stanley wrote:
> On 2013-12-15 14:47:12 -0500 (-0500), cve-assign () mitre org wrote:
>> This message seems to disclose a vulnerability in an unspecified
>> version of OpenStack Swift.
> [...]
>> Use CVE-2013-7109 for this report about OpenStack Swift. Again,
>> CVE-2013-7109 is not an ID for which setuptools is the affected
>> product.
>
> I don't think this was intended as a CVE request. The OpenStack
> VMT had already determined this was non-exploitable in Swift over
> the course of https://launchpad.net/bugs/1192966 and explicitly
> decided not to request a CVE nor issue an advisory.


Sorry yeah I should have been more clear, I was trying to show that
it's a pretty common coding pattern to use /tmp for PYTHON_EGG_CACHE,
that specific instance was a bad one (it's about the only example
where it isn't actually a vulnerability =).

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993