[Python-modules-team] Bug#652653: marked as done (python-virtualenv: insecure /tmp file handling)

Sat, 05 May 2012 05:33:19 -0700 

Your message dated Sat, 05 May 2012 11:47:08 +0000
with message-id <e1sqds8-00049k...@franck.debian.org>
and subject line Bug#652653: fixed in python-virtualenv 1.4.9-3squeeze1
has caused the Debian Bug report #652653,
regarding python-virtualenv: insecure /tmp file handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
652653: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652653
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: python-virtualenv
Version: 1.4.9-3
Severity: grave
Tags: patch

Hi,
it was discovered that python-virtualenv is handling /tmp files in an insecure 
manner.
The following patch fixed this problem:
https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5

A CVE id for this issue has been requested.

Kind regards
Nico

--- End Message ---
--- Begin Message --- 
Source: python-virtualenv
Source-Version: 1.4.9-3squeeze1

We believe that the bug you reported is fixed in the latest version of
python-virtualenv, which is due to be installed in the Debian FTP archive:

python-virtualenv_1.4.9-3squeeze1.debian.tar.gz
  to main/p/python-virtualenv/python-virtualenv_1.4.9-3squeeze1.debian.tar.gz
python-virtualenv_1.4.9-3squeeze1.dsc
  to main/p/python-virtualenv/python-virtualenv_1.4.9-3squeeze1.dsc
python-virtualenv_1.4.9-3squeeze1_all.deb
  to main/p/python-virtualenv/python-virtualenv_1.4.9-3squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefano Rivera <stefa...@debian.org> (supplier of updated python-virtualenv 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 04 May 2012 20:31:24 +0200
Source: python-virtualenv
Binary: python-virtualenv
Architecture: source all
Version: 1.4.9-3squeeze1
Distribution: stable
Urgency: high
Maintainer: Debian Python Modules Team 
<python-modules-team@lists.alioth.debian.org>
Changed-By: Stefano Rivera <stefa...@debian.org>
Description: 
 python-virtualenv - Python virtual environment creator
Closes: 652653 661272
Changes: 
 python-virtualenv (1.4.9-3squeeze1) stable; urgency=high
 .
   [ Piotr Ożarowski ]
   * Apply upstream's 8be37c509fe5 commit (to use proper temp. dir instead of
     /tmp) (CVE-2011-4617, Closes: #652653)
 .
   [ Stefano Rivera ]
   * Team upload.
   * Backport cleanup_tmpdirs.patch from 1.7.1.2-1.
     Cleanup temporary working directories. (Closes: #661272)
Checksums-Sha1: 
 546ba2a239df59a736988ad4c43481764abb9c74 2154 
python-virtualenv_1.4.9-3squeeze1.dsc
 754016e6a2e5300776b8d8a25df101297ebaf64a 22226 
python-virtualenv_1.4.9-3squeeze1.debian.tar.gz
 34d6aee33caa10e7dc6a7f8a3fe7120f620283ad 1507028 
python-virtualenv_1.4.9-3squeeze1_all.deb
Checksums-Sha256: 
 5540b3aaed0e0f6ea180e2bf4212b878e374e9c9ff75619bdce5c6e9495a17ad 2154 
python-virtualenv_1.4.9-3squeeze1.dsc
 2e04fd719f5f33af567b10c1e03e384dabccb9a39223b47b48c7d50958b1b9c5 22226 
python-virtualenv_1.4.9-3squeeze1.debian.tar.gz
 3dd45720f5c86e04993cd849988e0caca651e4eb292ceaec91782ce066dc7195 1507028 
python-virtualenv_1.4.9-3squeeze1_all.deb
Files: 
 890e641dce1ed40b066def6eefd15d9a 2154 python optional 
python-virtualenv_1.4.9-3squeeze1.dsc
 721d356b2146aac73a7a4e4d8e83086a 22226 python optional 
python-virtualenv_1.4.9-3squeeze1.debian.tar.gz
 ce7b373c09b041cb1aeab20d3c21db99 1507028 python optional 
python-virtualenv_1.4.9-3squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJPpDftAAoJEACQ/CG1zRrMUYMP/ibc3FC9YaEuh9j+gDkF4OUb
HZvGB5wlDwkCxMB4wmuAf+H6bnxAI0FhkTYZYxDbn/nxhFeZetFwTK3asfXy9L/m
p9shXg1mP3a79P1E761qpj3+cVvQHPH6rNwEF3jqET4zHgwoymueC56IA11GeARM
+qqn5aGMJZEEikvL3NULz0MBVxrsphlIvh5kP1EyK7EmAHrOv1FL/cIIve9QvhRa
rgU1pUak0wcup87Z8VH5PdiSF8bbB+qEfQYC9iSm6WdpJLZF8jOzeOQkFTQPwxmB
Ozdrhs1Z42RxRcPWiAET5uR46nF+gEBWMQGLMQ7/PKxR9v0fsmFeGgZ64fT+006Z
aKwObBLO6+vLSWWOtuefPoIzawm9i+MAMPfYdbzDB5bpHO3UvIcQ1koQlkqmhiFT
aAKhrEXaRnacABrQlFjZkNLv5r3BoqOzG2f0ZYljZ7BbVWyT/lPE3vLBSwAQPPrb
jR+lTJH6s/4nb5mgVK7Q9peABB6y9H7nUTE8d/sG6rY6n5H9GlBVpOKLjB9JqUAZ
MegYkMNI2szv259gbCFBbErgeWeF3oTXpZJKDSIcZ/7Z8tZV84obcLxy7MwDHXWl
KLoab7rlwSruCawKF8dHBgYYN818DHkAKZTXNx3oSvszdgrclSuS6jn7+3ixBuSK
fupQqazaI+8RXF7xhsV5
=5S07
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team

Reply via email to