Bug 10007 - python-pip new security issue CVE-2013-1888
Summary: python-pip new security issue CVE-2013-1888
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Nicolas Lécureuil
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/549441/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-05-06 20:48 CEST by David Walser
Modified: 2013-05-08 23:42 CEST (History)
0 users

See Also:
Source RPM: python-pip-1.2.1-2.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-05-06 20:48:20 CEST 
Fedora has issued an advisory on April 26:
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104603.html

Judging from the upstream ChangeLog:
http://www.pip-installer.org/en/latest/news.html#changelog

It looks like it'd be better to find the patch for this issue, rather than upgrading to a newer version.  You can find that in the upstream bug report, linked from RedHat's bug:
https://bugzilla.redhat.com/show_bug.cgi?id=923974

Reproducible: 

Steps to Reproduce:
Comment 1 Nicolas Lécureuil 2013-05-08 23:39:46 CEST 
fixed

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 2 David Walser 2013-05-08 23:42:56 CEST 
Fixed in python-pip-1.3.1-2.mga3.  Thanks Nicolas.
Note You need to log in before you can comment on or make changes to this bug.