Hi Adam (2012.05.03_00:21:24_+0200)
That happened now, as #661272 which was recently fixed in sid (thanks
Stefano!). In terms of getting stable updated, either a 1.4.9-3squeeze2
package could be prepared incorporating the extra fixes, or we could
reject the original package and fix everything
On Fri, 2012-05-04 at 20:40 +0200, Stefano Rivera wrote:
Hi Adam (2012.05.03_00:21:24_+0200)
That happened now, as #661272 which was recently fixed in sid (thanks
Stefano!). In terms of getting stable updated, either a 1.4.9-3squeeze2
package could be prepared incorporating the extra
On Tue, 2011-12-20 at 20:18 +, Adam D. Barratt wrote:
On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote:
[Adam D. Barratt, 2011-12-19]
[...]
Looking at the diff, and the equivalent code in the unstable package,
there seems to be a missing component - namely, that the directory
notfixed 652653 1.4.9-1
notfound 652653 1.6-1
fixed 652653 1.6-1
thanks
Hi Nico (2011.12.20_22:23:27_+0200)
I mark this as fixed in 1.4.9-1. It's true that the patch doesn't clean the
directory, but since that is not security related I don't mind. lenny/squeeze
still have the vulnerable
On Tue, 2011-12-20 at 20:18 +, Adam D. Barratt wrote:
On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote:
[Adam D. Barratt, 2011-12-19]
Looking at the diff, and the equivalent code in the unstable package,
there seems to be a missing component - namely, that the directory
[Adam D. Barratt, 2011-12-19]
I noticed that an upload which appears to fix this issue (although
without reference the bug number) has appeared in p-u-NEW. Whilst
sorry, I didn't notice a bug was reported
that's an admirable turn-around :-) it really should have been discussed
with the SRMs
On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote:
[Adam D. Barratt, 2011-12-19]
I noticed that an upload which appears to fix this issue (although
without reference the bug number) has appeared in p-u-NEW. Whilst
sorry, I didn't notice a bug was reported
No worries. I assumed
Hi,
* Adam D. Barratt a...@adam-barratt.org.uk [2011-12-20 21:22]:
On Tue, 2011-12-20 at 09:44 +0100, Piotr O??arowski wrote:
[...]
that's an admirable turn-around :-) it really should have been discussed
with the SRMs first, rather than simply uploading (I believe this is
well
On Tue, 2011-12-20 at 21:24 +0100, Nico Golde wrote:
Hi,
* Adam D. Barratt a...@adam-barratt.org.uk [2011-12-20 21:22]:
If the thread involved the security team saying please fix this via
proposed-updates, there's an implied by talking to the release team
attached. We're generally not
Package: python-virtualenv
Version: 1.4.9-3
Severity: grave
Tags: patch
Hi,
it was discovered that python-virtualenv is handling /tmp files in an insecure
manner.
The following patch fixed this problem:
https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5
A CVE id for this issue has
Hi,
On Mon, 2011-12-19 at 17:19 +0100, Nico Golde wrote:
it was discovered that python-virtualenv is handling /tmp files in an
insecure manner.
The following patch fixed this problem:
https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5
I noticed that an upload which appears to fix
11 matches
Mail list logo
