Your message dated Wed, 23 Oct 2013 06:04:13 +0000
with message-id <[email protected]>
and subject line Bug#726093: fixed in python-scipy 0.12.0-3
has caused the Debian Bug report #726093,
regarding python-scipy: CVE-2013-4251: weave /tmp and current directory issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
726093: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726093
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-scipy
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for python-scipy.
CVE-2013-4251[0]:
weave /tmp and current directory issues
For more details see also the RedHat Bugreport [1]. Upstream released
0.12.1[2] this issue and a the corresponding commit is at [3].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4251
http://security-tracker.debian.org/tracker/CVE-2013-4251
[1] https://bugzilla.redhat.com/show_bug.cgi?id=916690
[2] http://sourceforge.net/projects/scipy/files/scipy/0.12.1/
[3]
https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-scipy
Source-Version: 0.12.0-3
We believe that the bug you reported is fixed in the latest version of
python-scipy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julian Taylor <[email protected]> (supplier of updated python-scipy
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 22 Oct 2013 23:44:47 +0200
Source: python-scipy
Binary: python-scipy python3-scipy python-scipy-dbg python3-scipy-dbg
Architecture: source amd64
Version: 0.12.0-3
Distribution: unstable
Urgency: high
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Julian Taylor <[email protected]>
Description:
python-scipy - scientific tools for Python
python-scipy-dbg - scientific tools for Python - debugging symbols
python3-scipy - scientific tools for Python 3
python3-scipy-dbg - scientific tools for Python 3 - debugging symbols
Closes: 726093
Changes:
python-scipy (0.12.0-3) unstable; urgency=high
.
* temporary-directory-usage.patch:
fix insecure temporary directory usage of weave module. (Closes: #726093)
Thanks to Tomas Tomecek for the patch.
Checksums-Sha1:
5746eaef3d4af7595a4e83e23c92ed4b1eb9578f 2676 python-scipy_0.12.0-3.dsc
5c0b8b559d6a423118e167a61c8f3f31843e4a7b 21202
python-scipy_0.12.0-3.debian.tar.gz
b1e9cd50fb9e2a382053d0e4e1218cff1eb0655e 7403276
python-scipy_0.12.0-3_amd64.deb
f7d3ffa361aeb968d587cbdf4bb0c1da1e5b4646 7046612
python3-scipy_0.12.0-3_amd64.deb
0d89c0ff77eda7daede06e6e1342ccd7b7d5541a 10227802
python-scipy-dbg_0.12.0-3_amd64.deb
f3963d2363b42aad61142a688de521677b3e4bc1 10261850
python3-scipy-dbg_0.12.0-3_amd64.deb
Checksums-Sha256:
a35c36cee6e9f8e3e27387d9cf959afeb05550b2f5565e41ceb8c2bac2f590cc 2676
python-scipy_0.12.0-3.dsc
f4fac3d1e0454db0c27589cec465b77f2e8765e0064c578f10fc772b73c47b83 21202
python-scipy_0.12.0-3.debian.tar.gz
7ab74f94336465119e890ebd35d374a90bb48a29c345fdeeb976cd530472c678 7403276
python-scipy_0.12.0-3_amd64.deb
47b2662cd0f81830ff7a079434eabee7f00a494d2d2a4ca0897ce9432694ee0c 7046612
python3-scipy_0.12.0-3_amd64.deb
71cc7d228acc1d2ae34a10a893e6f331eea5d094615c4229dbfca8504244352b 10227802
python-scipy-dbg_0.12.0-3_amd64.deb
d02d383ef359d0ecfe040c3054f4d457148b0b77ea1808746353f47a5b7e6124 10261850
python3-scipy-dbg_0.12.0-3_amd64.deb
Files:
ab4293508e43879ae87828be0935eea4 2676 python extra python-scipy_0.12.0-3.dsc
ea8cce1f331e20e47d51589556d70a43 21202 python extra
python-scipy_0.12.0-3.debian.tar.gz
ba402d052ec2f4fbbd9da0e7a762f20c 7403276 python extra
python-scipy_0.12.0-3_amd64.deb
7a19e1522cf1e9f0dc1e49ecb6a9072a 7046612 python extra
python3-scipy_0.12.0-3_amd64.deb
bdaaeb259b9c0def198fbebe004bcbb3 10227802 debug extra
python-scipy-dbg_0.12.0-3_amd64.deb
f7b9739209958ed94038267923af9d39 10261850 debug extra
python3-scipy-dbg_0.12.0-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJSZ2TPAAoJEAVMuPMTQ89EH+YP/3aUDqSh9QGUFQDZmp1o7cqD
bQbdM31dIz9ienw2MCBogMOfFtAkIED6D+QxECyF9wbH/AHgjpMZylTDreWEAfh3
CBGQsrRejrFo9rYfq/TLav0ki7+/0jnEqliRSCDXdZrbxZJu7B8hEE3RvKaD6Hbu
PfsUl1hMMZj4GxStBD68OFCxHjZo5T/RSf72oUSnLW1qz+WG6WBioo/N5ytrS/zC
49sphUxvQaiLTS2SwucrBwK1Ib2w7XOVxEeBqAWZ2Io9MZVk/UJYu6h/fC/7lrUo
2epaQ5/uHui417rs6gpYJFeKEAxRkRldjGDxlfMhQUxVIXkEfHuhiMj0M+ibtoSR
oMGX/Yw4FYF9zZHiPpFJu6Kd+qaUUtyugO24VAhsFAYsO4jU1bj5UpCJlxBs4X/S
QGoIv4uLOiF41OL1dTpeUJPcds4DxIVBsjbS4PPIhVcY27D2dDATPR6IZAupdfRp
yUAryiyaPEjrCEdyDbWXmZpm9z4FyBJWRKRRw68VQUBA7epsHwA3gPDTwgDQdJew
zibcVPugloBeHwfKCSAo7qEMyQ4fna8xbGMpkuEopmL/4+adn2Hvb/NoqxqvmRNw
qjaBsJw2tE+ygApIylD1BCebWpCS74kEx0GfPVWb82oxCZo/m31i2p8tqPlzXlZv
KXdbURMgXAWMmjlwiGVl
=xhfU
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
