Please update python-virtualenv to 1.10 (or newer). Current Currently 1.7.1 is delivered with Mageia 3, which contains an outdated pip, which again is not able to download from PyPI over SSL. Additionally, it's quite confusing to have different versions of pip inside and outside a virtualenv. https://pypi.python.org/pypi/virtualenv/1.10 writes: Warning: We advise installing virtualenv-1.9 or greater. Prior to version 1.9, the pip included in virtualenv did not not download from PyPI over SSL. Reproducible: Steps to Reproduce:
Steps to Reproduce: $ virtualenv -v xxx [...] Installing existing pip-1.1.tar.gz distribution: /usr/lib/python2.7/site-packages/virtualenv_support/pip-1.1.tar.gz [...]
Keywords: (none) => Junior_jobHardware: i586 => All
*** Bug 10955 has been marked as a duplicate of this bug. ***
Keywords: (none) => TriagedAssignee: bugsquad => makowski.mageia
Version 1.9.1 should be enough and would also fix the security issue in bundled pip 1.10 is a major change I would avoid for mga3
Status: NEW => ASSIGNED
Suggested advisory: ======================== Update to upstream 1.9.1 because of security issues with the bundled python-pip in older releases and to allow download from PyPI over SSL. ======================== Updated packages in core/updates_testing: ======================== python-virtualenv-1.9.1-1.1.mga3.noarch Source RPM: python-virtualenv-1.9.1-1.1.mga3.src
Keywords: Junior_job, Triaged => (none)Assignee: makowski.mageia => qa-bugs
Advisory 10956.adv uploaded to svn. Anyone have a test procedure?
CC: (none) => davidwhodgins
(In reply to Dave Hodgins from comment #5) > Anyone have a test procedure? virtualenv -v xxx | grep Install should give pip.1.3.1.
Doesn't actually show that pip is working, but I'll accept that. Testing complete on Mageia 3 i586 and x86_64. Could someone from the sysadmin team push 10956.adv to updates.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA3-64-OK MGA3-32-OKCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGAA-2013-0082.html
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
This has been assigned CVE-2013-1629.
URL: https://pypi.python.org/pypi/virtualenv => http://lwn.net/Vulnerabilities/566721/CC: (none) => luigiwalser