[Python-modules-team] Bug#710164: Embedded pip

Tristan Seligmann mithrandi at mithrandi.net
Thu Aug 15 05:04:08 UTC 2013


Note that as of virtualenv 1.9, the embedded copy of pip is new enough
that it does not suffer from this vulnerability. I'm leaving the
security tag, as older versions of virtualenv are still affected, and
leaving the severity as the embedded copy of pip is still problematic.

Unfortunately, I don't think a simple dependency on python-pip is good
enough to replace the embedded copy; virtualenv needs a source
distribution of pip (in order to install it into the virtualenvs it
creates), but the python-pip binary package contains a "binary"
distribution of pip which I don't think can be used to install pip
into a virtualenv.
-- 
mithrandi, i Ainil en-Balandor, a faer Ambar


