Updated python-setuptools and python-virtualenv packages fix security vulnerability
Publication date: 13 Sep 2013Modification date: 13 Sep 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-1633
Description
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product (CVE-2013-1633).
References
SRPMS
2/core
- python-setuptools-0.9.8-1.1.mga2
- python-virtualenv-1.10.1-0.1.mga2
3/core
- python-setuptools-0.9.8-2.1.mga3
- python-virtualenv-1.10.1-1.1.mga3