[Python-modules-team] Bug#652653: python-virtualenv: insecure /tmp file handling

Nico Golde debian-release+ml at ngolde.de
Tue Dec 20 20:24:28 UTC 2011


Hi,
* Adam D. Barratt <adam at adam-barratt.org.uk> [2011-12-20 21:22]:
> On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote:
[...] 
> > > that's an admirable turn-around :-) it really should have been discussed
> > > with the SRMs first, rather than simply uploading (I believe this is
> > > well documented enough by now - if not, please point out where and how
> > > we could make it clearer).
> > 
> > ups, I assumed someone from SRMs is in the thread
> 
> If the thread involved the security team saying "please fix this via
> proposed-updates", there's an implied "by talking to the release team"
> attached.  We're generally not involved in such discussions until after
> the security team have decided they don't want to issue a DSA for a
> particular issue and someone raises it with us.

We will not issue a DSA for this vulnerability. Please go ahead and fix this 
through spu.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.