Package: python-pip
Version: 1.1-3
Severity: serious
Tags: security
Justification: security

Hello,

It appears as if python-pip in Debian (all versions supported) suffers from CVE-2013-1629. This CVE appears to still be "reserved", but is clearly described in a few places on the internet[0],[1].

A new version uploaded to sid would solve this problem there, but to backport these issues to wheezy and squeeze may be a bit difficult.

Thanks,
micah

0. http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/
1. https://github.com/TheTorProject/ooni-backend/pull/1#discussion_r4084881

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-pip depends on:
ii  python                 2.7.3-5
ii  python-pkg-resources   0.6.37-1
ii  python-setuptools      0.6.37-1
ii  python2.6              2.6.8-2

Versions of packages python-pip recommends:
ii  build-essential  11.6
pn  python-dev-all   <none>

python-pip suggests no packages.

-- no debconf information