Bug#605180: python-tables-doc: Use of PYTHONPATH env var in an insecure way

Antonio Valentino antonio.valentino at tiscali.it
Fri Feb 24 17:17:44 UTC 2012


Hi,
some updates:

* up to python-tables-doc < 2.3 the problem only impacts the user guide
  document.
  To be more precise the problem is in the chapter dedicated to the
  package "installation from sources" so IMHO it should not have a
  severe impact for users of the Debian package.
* from python-tables-doc >= 2.3 the package also installs a
  /usr/share/doc/python-tables-doc/bench folder including sample
  benchmark scripts. Some of them (bench-postgres-ranges.sh,
  bench-pytables-ranges.sh and bench-pytables.sh) use an incorrect
  syntax to set PYTHONPATH.
* the problem has been addressed upstream [1]


Probably the severity of this bug could be re-evaluated.

If the severity is still considered important I can integrate the
upstream patch in a relatively short time.
Anyway I don't know when it will be possible to upload a new package for
pytables since it is involved in two transitions currently in progress
(numpy and hdf5).

An alternative is just to wait for the next upstream release.


Comments are welcome.


Best regards


[1]
https://github.com/PyTables/PyTables/commit/e890cb5e91754b16ea05bff2b24d9937e8525f78

-- 
Antonio Valentino





More information about the debian-science-maintainers mailing list
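
Added example, not part of the original message or of the PyTables bench scripts: a shell sketch of why an unconditional PYTHONPATH join is unsafe, the guarded form, and a scan for the unguarded form. It assumes the "incorrect syntax" mentioned above is the common `PYTHONPATH=dir:$PYTHONPATH` pattern; the function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the flawed form is PYTHONPATH=dir:$PYTHONPATH.

# Unsafe: with an empty old value the result ends in ":", an empty entry
# that Python resolves as the current working directory.
prepend_unsafe() {  # $1 = dir to add, $2 = existing PYTHONPATH value
    printf '%s\n' "$1:$2"
}

# Safe: ${2:+:$2} emits the separator only when the old value is non-empty.
prepend_safe() {
    printf '%s\n' "$1${2:+:$2}"
}

# True when a PYTHONPATH value has an empty entry (leading, trailing or
# doubled colon).
has_empty_entry() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a shell script on stdin and print "N:line" for assignments that join
# $PYTHONPATH with a bare colon; lines using the ${PYTHONPATH:+...} guard
# are dropped.
find_unsafe_assignments() {
    grep -nE 'PYTHONPATH=.*(:"?[$][{]?PYTHONPATH|[$][{]?PYTHONPATH[}]?"?:)' |
        grep -vE 'PYTHONPATH:?[+]'
}

# Constructed sample input (not taken from the bench scripts).
sample_script() {
    cat <<'EOF'
#!/bin/sh
export PYTHONPATH=..:$PYTHONPATH
PYTHONPATH="${PYTHONPATH}:../build" python bench.py
export PYTHONPATH="..${PYTHONPATH:+:$PYTHONPATH}"
EOF
}

sample_script | find_unsafe_assignments
```

To audit installed files, feed each script to the scanner on stdin, for example `find_unsafe_assignments < bench-pytables.sh`.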