Updated python-scipy packages fix a security vulnerability and missing deps
Publication date: 20 Nov 2013Modification date: 20 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4251
Description
Updated python-scipy package fixes security vulnerability: scipy.weave will use /tmp/[username] as persistent storage (cache), but it does not check whether or not this directory already exists, does not check whether it is a directory or a symlink, and also does not verify permissions or ownership, which could allow someone to place code in this directory that would be executed as the user running scipy.weave (CVE-2013-4251). The update also adds some missing dependencies.
References
SRPMS
2/core
- python-scipy-0.9.0-3.4.mga2
3/core
- python-scipy-0.9.0-7.3.mga3