Bug 10007

Summary: python-pip new security issue CVE-2013-1888
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/549441/
Whiteboard:
Source RPM: python-pip-1.2.1-2.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-05-06 20:48:20 CEST 
Fedora has issued an advisory on April 26:
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104603.html

Judging from the upstream ChangeLog:
http://www.pip-installer.org/en/latest/news.html#changelog

It looks like it'd be better to find the patch for this issue, rather than upgrading to a newer version.  You can find that in the upstream bug report, linked from RedHat's bug:
https://bugzilla.redhat.com/show_bug.cgi?id=923974

Reproducible: 

Steps to Reproduce:
Comment 1 Nicolas Lécureuil 2013-05-08 23:39:46 CEST 
fixed

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 2 David Walser 2013-05-08 23:42:56 CEST 
Fixed in python-pip-1.3.1-2.mga3.  Thanks Nicolas.