Advisories ยป MGASA-2013-0274

Updated python-setuptools and python-virtualenv packages fix security vulnerability

Publication date: 13 Sep 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-1633

Description

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from
the PyPI repository, and does not perform integrity checks on package
contents, which allows man-in-the-middle attackers to execute arbitrary
code via a crafted response to the default use of the product
(CVE-2013-1633).
                

References

SRPMS

2/core

3/core