Re: Re: Issue with PYTHON_EGG_CACHE

[Yves-Alexis Perez <corsac () debian org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Sun, Dec 15, 2013 at 02:06:59PM -0700, Kurt Seifried wrote:
> On 12/15/2013 01:23 PM, Jeremy Stanley wrote:
> > On 2013-12-15 14:47:12 -0500 (-0500), cve-assign () mitre org wrote:
> > > This message seems to disclose a vulnerability in an unspecified 
> > > version of OpenStack Swift.
> > [...]
> > > Use CVE-2013-7109 for this report about OpenStack Swift. Again, 
> > > CVE-2013-7109 is not an ID for which setuptools is the affected 
> > > product.
> >
> > I don't think this was intended as a CVE request. The OpenStack
> > VMT had already determined this was non-exploitable in Swift over
> > the course of https://launchpad.net/bugs/1192966 and explicitly
> > decided not to request a CVE nor issue an advisory.
>
> Sorry yeah I should have been more clear, I was trying to show that
> it's a pretty common coding pattern to use /tmp for PYTHON_EGG_CACHE,
> that specific instance was a bad one (it's about the only example
> where it isn't actually a vulnerability =).

Does this mean CVE-2013-7109 should be REJECTed or not?

Regards,
- -- 
Yves-Alexis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBCgAGBQJSrzUMAAoJEG3bU/KmdcClvrkH/2BEhKHg11/3i5+d12QzHjdl
LsvKQxgTslOVE4S9Pej++rGUrEx+HtKw09nosCg0kp/8X75nH0NScr78UvW0g9/L
azpqkBPSPK42FktL1z+V8igiv5gS0WNQfILV6lXMhvNng18VO0+FIkDuBZYKXFw3
C5i8geFsLKrFwJT0n3nUAm6o8eaTW2sGt5SINA8enGJHV0hFRqZ7reI/fiRbiVmw
4QzIPlkFukVPnbTyUN47NXIvhlyP/mcy0d5dh0HNt/6/TKbflhHBnB7wjskJS3Cm
dgj+75e3hdllqP0McTCt8uPvVadtLYtHzAr/6BdevNrAh4jk4jAilp0Y3HO04C4=
=XegA
-----END PGP SIGNATURE-----