Advisories ยป MGASA-2013-0330

Updated python-scipy packages fix a security vulnerability and missing deps

Publication date: 20 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4251


Updated python-scipy package fixes security vulnerability:

scipy.weave will use /tmp/[username] as persistent storage (cache), but it
does not check whether or not this directory already exists, does not check
whether it is a directory or a symlink, and also does not verify permissions
or ownership, which could allow someone to place code in this directory that
would be executed as the user running scipy.weave (CVE-2013-4251).

The update also adds some missing dependencies.