Fedora has issued an advisory on April 26: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104603.html Judging from the upstream ChangeLog: http://www.pip-installer.org/en/latest/news.html#changelog It looks like it'd be better to find the patch for this issue, rather than upgrading to a newer version. You can find that in the upstream bug report, linked from RedHat's bug: https://bugzilla.redhat.com/show_bug.cgi?id=923974 Reproducible: Steps to Reproduce:
fixed
Status: NEW => RESOLVEDResolution: (none) => FIXED
Fixed in python-pip-1.3.1-2.mga3. Thanks Nicolas.