[Python-modules-team] Bug#726093: python-scipy: CVE-2013-4251: weave /tmp and current directory issues

Moritz Mühlenhoff jmm at inutil.org
Sat Nov 29 22:08:56 UTC 2014


On Wed, Oct 23, 2013 at 08:04:17AM +0200, Salvatore Bonaccorso wrote:
> Hi Julian,
> 
> On Wed, Oct 23, 2013 at 01:16:36AM +0200, Julian Taylor wrote:
> > On 22.10.2013 08:43, Salvatore Bonaccorso wrote:
> > > Hi Julian,
> > > 
> > > Cc'ing Julian directly as per short discussion on IRC.
> > > 
> > > On IRC you mentioned that you are looking at this issue. Did you have a
> > > chance to prepare the upload for unstable?
> > > 
> > 
> > I have prepared updates for unstable, wheezy and squeeze, which require
> > sponsoring:
> > 
> > http://anonscm.debian.org/viewvc/python-modules/packages/scipy/branches/
> > 
> > for wheezy and squeeze a little extra checking if the
> > packaging/versioning is done correctly is appreciated as this is my
> > first stable update in Debian.
> > 
> > Tested the packages by running scipy's test suite and a couple weave
> > commands on all supported python versions.
> 
> Thanks for your update. I only had a look at the unstable version (so
> far at least), and looks good. I have uploaded it as provided by you.
> (Only small "nitpick", please always include the CVE reference in the
> changelog as this will ease the work of the security team tracking
> the issues).
> 
> For uploads to (old-)stable, please see [1]. (btw, the versioning
> 0.7.2+dfsg1-1+squeeze1 for oldstable, and 0.10.1+dfsg2-1+deb7u1 for
> stable looks good).

This is still unfixed in Wheezy, do you still plan to fix this in a
Wheezy point update?

Cheers,
        Moritz


