[Python-modules-team] Bug#726093: python-scipy: CVE-2013-4251: weave /tmp and current directory issues
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 23 06:04:17 UTC 2013
Hi Julian,
On Wed, Oct 23, 2013 at 01:16:36AM +0200, Julian Taylor wrote:
> On 22.10.2013 08:43, Salvatore Bonaccorso wrote:
> > Hi Julian,
> >
> > Cc'ing Julian directly as per short discussion on IRC.
> >
> > On IRC you mentioned that you are looking at this issue. Did you had a
> > chance to prepare the upload for unstable?
> >
>
> I have prepared updates for unstable, wheezy and squeeze, which require
> sponsoring:
>
> http://anonscm.debian.org/viewvc/python-modules/packages/scipy/branches/
>
> for wheezy and squeeze a little extra checking if the
> packaging/versioning is done correctly is appreciated as this is my
> first stable update in debian.
>
> Tested the packages by running scipys testsuite and a couple weave
> commands on all supported python versions.
Thanks for you update. I only had a look at the unstable version (so
far at least), and looks good. I have uploaded it as provided by you.
(Only small "nitpick", please always include the CVE reference in the
changelog as this will ease the work of the security team tracking
the issues).
For uploads to (old-)stable, please see [1]. (btw, the versioning
0.7.2+dfsg1-1+squeeze1 for oldstable, and 0.10.1+dfsg2-1+deb7u1 for
stable looks good).
[1] http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
Thanks for your work, and regards,
Salvatore
More information about the Python-modules-team
mailing list