Your message dated Thu, 31 Jul 2014 11:04:35 +0000
with message-id <[email protected]>
and subject line Bug#726093: fixed in python-scipy 0.7.2+dfsg1-1+deb6u1
has caused the Debian Bug report #726093,
regarding python-scipy: CVE-2013-4251: weave /tmp and current directory issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
726093: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726093
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-scipy
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for python-scipy.
CVE-2013-4251[0]:
weave /tmp and current directory issues
For more details see also the RedHat Bugreport [1]. Upstream released
0.12.1[2] this issue and a the corresponding commit is at [3].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4251
http://security-tracker.debian.org/tracker/CVE-2013-4251
[1] https://bugzilla.redhat.com/show_bug.cgi?id=916690
[2] http://sourceforge.net/projects/scipy/files/scipy/0.12.1/
[3]
https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-scipy
Source-Version: 0.7.2+dfsg1-1+deb6u1
We believe that the bug you reported is fixed in the latest version of
python-scipy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphael Geissert <[email protected]> (supplier of updated python-scipy
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 31 Jul 2014 10:39:02 +0200
Source: python-scipy
Binary: python-scipy python-scipy-dbg
Architecture: source amd64
Version: 0.7.2+dfsg1-1+deb6u1
Distribution: squeeze-lts
Urgency: low
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Raphael Geissert <[email protected]>
Description:
python-scipy - scientific tools for Python
python-scipy-dbg - scientific tools for Python - debugging symbols
Closes: 726093
Changes:
python-scipy (0.7.2+dfsg1-1+deb6u1) squeeze-lts; urgency=low
.
* Fix CVE-2013-4251: insecure handling of temporary directory
(Closes: #726093)
Checksums-Sha1:
cb2842b2a965e8bdbe22c04eab507f0e32ea3e46 1825
python-scipy_0.7.2+dfsg1-1+deb6u1.dsc
558eff6a9481310412f4afa30b200787e12c6908 4651354
python-scipy_0.7.2+dfsg1.orig.tar.gz
a24ffca34776c7ec49c085236f5d56c20d3ca1e7 14773
python-scipy_0.7.2+dfsg1-1+deb6u1.debian.tar.gz
d457649af91ebc2a7ee4fc26f5c55e22ec0edc8c 10344504
python-scipy_0.7.2+dfsg1-1+deb6u1_amd64.deb
f9e424a5f458b5dafa88f2d10a3badfe4e725baa 24092688
python-scipy-dbg_0.7.2+dfsg1-1+deb6u1_amd64.deb
Checksums-Sha256:
87effc71eeaac541084907c74a288a7c6f5a3e509562b78e71a826d694866b4e 1825
python-scipy_0.7.2+dfsg1-1+deb6u1.dsc
922d93c19de2ef004ffa2888465592aaf20c26b1a6c2d8c3cd5bad8a1710e361 4651354
python-scipy_0.7.2+dfsg1.orig.tar.gz
a1a5d94581dec82740199ccdc114b4e61fc7a4aa5acb76f059c5c8e253fbffd7 14773
python-scipy_0.7.2+dfsg1-1+deb6u1.debian.tar.gz
167d5e810fe57888dd7b74d27236e21d6e06ac9a473cd6c2acf59dd968757e6c 10344504
python-scipy_0.7.2+dfsg1-1+deb6u1_amd64.deb
7ad7397b6ad45033afe80d098b660f759423a795c86f9118fd3e3b9a1458c8a0 24092688
python-scipy-dbg_0.7.2+dfsg1-1+deb6u1_amd64.deb
Files:
76067f457775c5f87c158544b64b39ee 1825 python extra
python-scipy_0.7.2+dfsg1-1+deb6u1.dsc
5f5a625ba5ae9dc08fd88c3f2115b74b 4651354 python extra
python-scipy_0.7.2+dfsg1.orig.tar.gz
d7e34e50d09282f229d1febaf6f76fa5 14773 python extra
python-scipy_0.7.2+dfsg1-1+deb6u1.debian.tar.gz
c21ea2602e3ec6e82e88f25987134fb2 10344504 python extra
python-scipy_0.7.2+dfsg1-1+deb6u1_amd64.deb
4b97e02b375325c09223f43a87a025db 24092688 debug extra
python-scipy-dbg_0.7.2+dfsg1-1+deb6u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlPaICoACgkQYy49rUbZzlr0UQCfZvrZl1A2uFraIy3sTtokKqxk
54MAnid6MUBGteuxGDwZKOCv0PXxIUQq
=4f11
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
