Bug#652653: python-virtualenv: insecure /tmp file handling

2012-05-04 Thread Adam D. Barratt
On Fri, 2012-05-04 at 20:40 +0200, Stefano Rivera wrote: > Hi Adam (2012.05.03_00:21:24_+0200) > > That happened now, as #661272 which was recently fixed in sid (thanks > > Stefano!). In terms of getting stable updated, either a 1.4.9-3squeeze2 > > package could be prepared incorporating the extra

Bug#652653: python-virtualenv: insecure /tmp file handling

2012-05-04 Thread Stefano Rivera
Hi Adam (2012.05.03_00:21:24_+0200) > That happened now, as #661272 which was recently fixed in sid (thanks > Stefano!). In terms of getting stable updated, either a 1.4.9-3squeeze2 > package could be prepared incorporating the extra fixes, or we could > reject the original package and fix everyth

Bug#652653: python-virtualenv: insecure /tmp file handling

2012-05-02 Thread Adam D. Barratt
On Tue, 2011-12-20 at 20:18 +, Adam D. Barratt wrote: > On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote: > > [Adam D. Barratt, 2011-12-19] [...] > > > Looking at the diff, and the equivalent code in the unstable package, > > > there seems to be a missing component - namely, that the di

Bug#652653: python-virtualenv: insecure /tmp file handling

2012-04-22 Thread Stefano Rivera
notfixed 652653 1.4.9-1 notfound 652653 1.6-1 fixed 652653 1.6-1 thanks Hi Nico (2011.12.20_22:23:27_+0200) > I mark this as fixed in 1.4.9-1. It's true that the patch doesn't clean the > directory, but since that is not security related I don't mind. lenny/squeeze > still have the vulnerable co

Bug#652653: python-virtualenv: insecure /tmp file handling

2012-01-12 Thread Adam D. Barratt
On Tue, 2011-12-20 at 20:18 +, Adam D. Barratt wrote: > On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote: > > [Adam D. Barratt, 2011-12-19] > > > Looking at the diff, and the equivalent code in the unstable package, > > > there seems to be a missing component - namely, that the director

Bug#652653: python-virtualenv: insecure /tmp file handling

2011-12-20 Thread Adam D. Barratt
On Tue, 2011-12-20 at 21:24 +0100, Nico Golde wrote: > Hi, > * Adam D. Barratt [2011-12-20 21:22]: > > If the thread involved the security team saying "please fix this via > > proposed-updates", there's an implied "by talking to the release team" > > attached. We're generally not involved in such

Bug#652653: python-virtualenv: insecure /tmp file handling

2011-12-20 Thread Nico Golde
Hi, * Adam D. Barratt [2011-12-20 21:22]: > On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote: [...] > > > that's an admirable turn-around :-) it really should have been discussed > > > with the SRMs first, rather than simply uploading (I believe this is > > > well documented enough by no

Bug#652653: python-virtualenv: insecure /tmp file handling

2011-12-20 Thread Adam D. Barratt
On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote: > [Adam D. Barratt, 2011-12-19] > > I noticed that an upload which appears to fix this issue (although > > without reference the bug number) has appeared in p-u-NEW. Whilst > > sorry, I didn't notice a bug was reported No worries. I assu

Bug#652653: python-virtualenv: insecure /tmp file handling

2011-12-20 Thread Piotr Ożarowski
[Adam D. Barratt, 2011-12-19] > I noticed that an upload which appears to fix this issue (although > without reference the bug number) has appeared in p-u-NEW. Whilst sorry, I didn't notice a bug was reported > that's an admirable turn-around :-) it really should have been discussed > with the S

Bug#652653: python-virtualenv: insecure /tmp file handling

2011-12-19 Thread Adam D. Barratt
Hi, On Mon, 2011-12-19 at 17:19 +0100, Nico Golde wrote: > it was discovered that python-virtualenv is handling /tmp files in an > insecure manner. > The following patch fixed this problem: > https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5 I noticed that an upload which appears to f

Bug#652653: python-virtualenv: insecure /tmp file handling

2011-12-19 Thread Nico Golde
Package: python-virtualenv Version: 1.4.9-3 Severity: grave Tags: patch Hi, it was discovered that python-virtualenv is handling /tmp files in an insecure manner. The following patch fixed this problem: https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5 A CVE id for this issue has been