oss-sec mailing list archives
Re: Re: Issue with PYTHON_EGG_CACHE
From: Yves-Alexis Perez <corsac () debian org>
Date: Mon, 16 Dec 2013 18:14:56 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Sun, Dec 15, 2013 at 02:06:59PM -0700, Kurt Seifried wrote:
On 12/15/2013 01:23 PM, Jeremy Stanley wrote:On 2013-12-15 14:47:12 -0500 (-0500), cve-assign () mitre org wrote:This message seems to disclose a vulnerability in an unspecified version of OpenStack Swift.[...]Use CVE-2013-7109 for this report about OpenStack Swift. Again, CVE-2013-7109 is not an ID for which setuptools is the affected product.I don't think this was intended as a CVE request. The OpenStack VMT had already determined this was non-exploitable in Swift over the course of https://launchpad.net/bugs/1192966 and explicitly decided not to request a CVE nor issue an advisory.Sorry yeah I should have been more clear, I was trying to show that it's a pretty common coding pattern to use /tmp for PYTHON_EGG_CACHE, that specific instance was a bad one (it's about the only example where it isn't actually a vulnerability =).
Does this mean CVE-2013-7109 should be REJECTed or not? Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCgAGBQJSrzUMAAoJEG3bU/KmdcClvrkH/2BEhKHg11/3i5+d12QzHjdl LsvKQxgTslOVE4S9Pej++rGUrEx+HtKw09nosCg0kp/8X75nH0NScr78UvW0g9/L azpqkBPSPK42FktL1z+V8igiv5gS0WNQfILV6lXMhvNng18VO0+FIkDuBZYKXFw3 C5i8geFsLKrFwJT0n3nUAm6o8eaTW2sGt5SINA8enGJHV0hFRqZ7reI/fiRbiVmw 4QzIPlkFukVPnbTyUN47NXIvhlyP/mcy0d5dh0HNt/6/TKbflhHBnB7wjskJS3Cm dgj+75e3hdllqP0McTCt8uPvVadtLYtHzAr/6BdevNrAh4jk4jAilp0Y3HO04C4= =XegA -----END PGP SIGNATURE-----
Current thread:
- Issue with PYTHON_EGG_CACHE Grant Murphy (Dec 08)
- Re: Issue with PYTHON_EGG_CACHE cve-assign (Dec 09)
- Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 13)
- Re: Issue with PYTHON_EGG_CACHE cve-assign (Dec 15)
- Re: Re: Issue with PYTHON_EGG_CACHE Jeremy Stanley (Dec 15)
- Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 15)
- Re: Re: Issue with PYTHON_EGG_CACHE Yves-Alexis Perez (Dec 16)
- Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 16)
- Re: Re: Issue with PYTHON_EGG_CACHE Yves-Alexis Perez (Dec 17)
- Re: Re: Issue with PYTHON_EGG_CACHE Kurt Seifried (Dec 13)
- Re: Issue with PYTHON_EGG_CACHE cve-assign (Dec 09)