Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

python-scipy: CVE-2013-4251: weave /tmp and current directory issues

Related Vulnerabilities: CVE-2013-4251  

Source

Debian Bug report logs - #726093
python-scipy: CVE-2013-4251: weave /tmp and current directory issues

version graph

Package: python-scipy; Maintainer for python-scipy is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-scipy is src:python-scipy (PTS, buildd, popcon).

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 12 Oct 2013 07:39:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in versions python-scipy/0.10.1+dfsg2-1, python-scipy/0.12.0-2, python-scipy/0.7.2+dfsg1-1

Fixed in versions python-scipy/0.12.0-3, python-scipy/0.7.2+dfsg1-1+deb6u1

Done: Raphael Geissert <geissert@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#726093; Package python-scipy. (Sat, 12 Oct 2013 07:39:06 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Sat, 12 Oct 2013 07:39:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python-scipy: CVE-2013-4251: weave /tmp and current directory issues
Date: Sat, 12 Oct 2013 09:36:01 +0200
Package: python-scipy
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for python-scipy.

CVE-2013-4251[0]:
weave /tmp and current directory issues

For more details see also the RedHat Bugreport [1]. Upstream released
0.12.1[2] this issue and a the corresponding commit is at [3].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4251
    http://security-tracker.debian.org/tracker/CVE-2013-4251
[1] https://bugzilla.redhat.com/show_bug.cgi?id=916690
[2] http://sourceforge.net/projects/scipy/files/scipy/0.12.1/
[3] https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#726093; Package python-scipy. (Sat, 12 Oct 2013 07:51:08 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Sat, 12 Oct 2013 07:51:08 GMT) (full text, mbox, link).

Message #10 received at 726093@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 726093@bugs.debian.org
Subject: Re: Bug#726093: python-scipy: CVE-2013-4251: weave /tmp and current directory issues
Date: Sat, 12 Oct 2013 09:46:42 +0200
Control: severity -1 grave

Actually increasing the severity, reason is
https://bugzilla.redhat.com/show_bug.cgi?id=916690#c10 (I have not
fully verified the issue).

Regards,
Salvatore

Severity set to 'grave' from 'important' Request was from Salvatore Bonaccorso <carnil@debian.org> to 726093-submit@bugs.debian.org. (Sat, 12 Oct 2013 07:51:08 GMT) (full text, mbox, link).

Marked as found in versions python-scipy/0.7.2+dfsg1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 15 Oct 2013 16:27:07 GMT) (full text, mbox, link).

Marked as found in versions python-scipy/0.10.1+dfsg2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 15 Oct 2013 16:30:08 GMT) (full text, mbox, link).

Marked as found in versions python-scipy/0.12.0-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 15 Oct 2013 16:30:12 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#726093; Package python-scipy. (Tue, 22 Oct 2013 06:45:16 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Tue, 22 Oct 2013 06:45:16 GMT) (full text, mbox, link).

Message #23 received at 726093@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 726093@bugs.debian.org
Cc: Julian Taylor <jtaylor.debian@googlemail.com>
Subject: Re: Bug#726093: python-scipy: CVE-2013-4251: weave /tmp and current directory issues
Date: Tue, 22 Oct 2013 08:43:56 +0200
Hi Julian,

Cc'ing Julian directly as per short discussion on IRC.

On IRC you mentioned that you are looking at this issue. Did you had a
chance to prepare the upload for unstable?

I can otherwise try to prepare a NMU with the given patch only, if
needed.

p.s.: Note it was decided to tag this as 'no-dsa' but fixing this for
      stable and oldstable trough a (o)pu would still be welcome.

Regards,
Salvatore

Added tag(s) pending. Request was from jtaylor-guest@users.alioth.debian.org to control@bugs.debian.org. (Tue, 22 Oct 2013 22:27:14 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#726093; Package python-scipy. (Tue, 22 Oct 2013 23:21:10 GMT) (full text, mbox, link).

Acknowledgement sent to Julian Taylor <jtaylor.debian@googlemail.com>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Tue, 22 Oct 2013 23:21:10 GMT) (full text, mbox, link).

Message #30 received at 726093@bugs.debian.org (full text, mbox, reply):

From: Julian Taylor <jtaylor.debian@googlemail.com>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 726093@bugs.debian.org, Varun Hiremath <varun@debian.org>
Subject: Re: Bug#726093: python-scipy: CVE-2013-4251: weave /tmp and current directory issues
Date: Wed, 23 Oct 2013 01:16:36 +0200
On 22.10.2013 08:43, Salvatore Bonaccorso wrote:
> Hi Julian,
> 
> Cc'ing Julian directly as per short discussion on IRC.
> 
> On IRC you mentioned that you are looking at this issue. Did you had a
> chance to prepare the upload for unstable?
> 

I have prepared updates for unstable, wheezy and squeeze, which require
sponsoring:

http://anonscm.debian.org/viewvc/python-modules/packages/scipy/branches/

for wheezy and squeeze a little extra checking if the
packaging/versioning is done correctly is appreciated as this is my
first stable update in debian.

Tested the packages by running scipys testsuite and a couple weave
commands on all supported python versions.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#726093; Package python-scipy. (Wed, 23 Oct 2013 06:09:05 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Wed, 23 Oct 2013 06:09:05 GMT) (full text, mbox, link).

Message #35 received at 726093@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Julian Taylor <jtaylor.debian@googlemail.com>
Cc: 726093@bugs.debian.org, Varun Hiremath <varun@debian.org>
Subject: Re: Bug#726093: python-scipy: CVE-2013-4251: weave /tmp and current directory issues
Date: Wed, 23 Oct 2013 08:04:17 +0200
Hi Julian,

On Wed, Oct 23, 2013 at 01:16:36AM +0200, Julian Taylor wrote:
> On 22.10.2013 08:43, Salvatore Bonaccorso wrote:
> > Hi Julian,
> > 
> > Cc'ing Julian directly as per short discussion on IRC.
> > 
> > On IRC you mentioned that you are looking at this issue. Did you had a
> > chance to prepare the upload for unstable?
> > 
> 
> I have prepared updates for unstable, wheezy and squeeze, which require
> sponsoring:
> 
> http://anonscm.debian.org/viewvc/python-modules/packages/scipy/branches/
> 
> for wheezy and squeeze a little extra checking if the
> packaging/versioning is done correctly is appreciated as this is my
> first stable update in debian.
> 
> Tested the packages by running scipys testsuite and a couple weave
> commands on all supported python versions.

Thanks for you update. I only had a look at the unstable version (so
far at least), and looks good. I have uploaded it as provided by you.
(Only small "nitpick", please always include the CVE reference in the
changelog as this will ease the work of the security team tracking
the issues).

For uploads to (old-)stable, please see [1]. (btw, the versioning
0.7.2+dfsg1-1+squeeze1 for oldstable, and 0.10.1+dfsg2-1+deb7u1 for
stable looks good).

 [1] http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Thanks for your work, and regards,
Salvatore

Reply sent to Julian Taylor <jtaylor.debian@googlemail.com>:
You have taken responsibility. (Wed, 23 Oct 2013 06:09:15 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 23 Oct 2013 06:09:15 GMT) (full text, mbox, link).

Message #40 received at 726093-close@bugs.debian.org (full text, mbox, reply):

From: Julian Taylor <jtaylor.debian@googlemail.com>
To: 726093-close@bugs.debian.org
Subject: Bug#726093: fixed in python-scipy 0.12.0-3
Date: Wed, 23 Oct 2013 06:04:13 +0000
Source: python-scipy
Source-Version: 0.12.0-3

We believe that the bug you reported is fixed in the latest version of
python-scipy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726093@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Taylor <jtaylor.debian@googlemail.com> (supplier of updated python-scipy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 22 Oct 2013 23:44:47 +0200
Source: python-scipy
Binary: python-scipy python3-scipy python-scipy-dbg python3-scipy-dbg
Architecture: source amd64
Version: 0.12.0-3
Distribution: unstable
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Julian Taylor <jtaylor.debian@googlemail.com>
Description: 
 python-scipy - scientific tools for Python
 python-scipy-dbg - scientific tools for Python - debugging symbols
 python3-scipy - scientific tools for Python 3
 python3-scipy-dbg - scientific tools for Python 3 - debugging symbols
Closes: 726093
Changes: 
 python-scipy (0.12.0-3) unstable; urgency=high
 .
   * temporary-directory-usage.patch:
     fix insecure temporary directory usage of weave module. (Closes: #726093)
     Thanks to Tomas Tomecek for the patch.
Checksums-Sha1: 
 5746eaef3d4af7595a4e83e23c92ed4b1eb9578f 2676 python-scipy_0.12.0-3.dsc
 5c0b8b559d6a423118e167a61c8f3f31843e4a7b 21202 python-scipy_0.12.0-3.debian.tar.gz
 b1e9cd50fb9e2a382053d0e4e1218cff1eb0655e 7403276 python-scipy_0.12.0-3_amd64.deb
 f7d3ffa361aeb968d587cbdf4bb0c1da1e5b4646 7046612 python3-scipy_0.12.0-3_amd64.deb
 0d89c0ff77eda7daede06e6e1342ccd7b7d5541a 10227802 python-scipy-dbg_0.12.0-3_amd64.deb
 f3963d2363b42aad61142a688de521677b3e4bc1 10261850 python3-scipy-dbg_0.12.0-3_amd64.deb
Checksums-Sha256: 
 a35c36cee6e9f8e3e27387d9cf959afeb05550b2f5565e41ceb8c2bac2f590cc 2676 python-scipy_0.12.0-3.dsc
 f4fac3d1e0454db0c27589cec465b77f2e8765e0064c578f10fc772b73c47b83 21202 python-scipy_0.12.0-3.debian.tar.gz
 7ab74f94336465119e890ebd35d374a90bb48a29c345fdeeb976cd530472c678 7403276 python-scipy_0.12.0-3_amd64.deb
 47b2662cd0f81830ff7a079434eabee7f00a494d2d2a4ca0897ce9432694ee0c 7046612 python3-scipy_0.12.0-3_amd64.deb
 71cc7d228acc1d2ae34a10a893e6f331eea5d094615c4229dbfca8504244352b 10227802 python-scipy-dbg_0.12.0-3_amd64.deb
 d02d383ef359d0ecfe040c3054f4d457148b0b77ea1808746353f47a5b7e6124 10261850 python3-scipy-dbg_0.12.0-3_amd64.deb
Files: 
 ab4293508e43879ae87828be0935eea4 2676 python extra python-scipy_0.12.0-3.dsc
 ea8cce1f331e20e47d51589556d70a43 21202 python extra python-scipy_0.12.0-3.debian.tar.gz
 ba402d052ec2f4fbbd9da0e7a762f20c 7403276 python extra python-scipy_0.12.0-3_amd64.deb
 7a19e1522cf1e9f0dc1e49ecb6a9072a 7046612 python extra python3-scipy_0.12.0-3_amd64.deb
 bdaaeb259b9c0def198fbebe004bcbb3 10227802 debug extra python-scipy-dbg_0.12.0-3_amd64.deb
 f7b9739209958ed94038267923af9d39 10261850 debug extra python3-scipy-dbg_0.12.0-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJSZ2TPAAoJEAVMuPMTQ89EH+YP/3aUDqSh9QGUFQDZmp1o7cqD
bQbdM31dIz9ienw2MCBogMOfFtAkIED6D+QxECyF9wbH/AHgjpMZylTDreWEAfh4
CBGQsrRejrFo9rYfq/TLav0ki7+/0jnEqliRSCDXdZrbxZJu7B8hEE3RvKaD6Hbu
PfsUl1hMMZj4GxStBD68OFCxHjZo5T/RSf72oUSnLW1qz+WG6WBioo/N5ytrS/zC
49sphUxvQaiLTS2SwucrBwK1Ib2w7XOVxEeBqAWZ2Io9MZVk/UJYu6h/fC/7lrUo
2epaQ5/uHui417rs6gpYJFeKEAxRkRldjGDxlfMhQUxVIXkEfHuhiMj0M+ibtoSR
oMGX/Yw4FYF9zZHiPpFJu6Kd+qaUUtyugO24VAhsFAYsO4jU1bj5UpCJlxBs4X/S
QGoIv4uLOiF41OL1dTpeUJPcds4DxIVBsjbS4PPIhVcY27D2dDATPR6IZAupdfRp
yUAryiyaPEjrCEdyDbWXmZpm9z4FyBJWRKRRw68VQUBA7epsHwA3gPDTwgDQdJew
zibcVPugloBeHwfKCSAo7qEMyQ4fna8xbGMpkuEopmL/4+adn2Hvb/NoqxqvmRNw
qjaBsJw2tE+ygApIylD1BCebWpCS74kEx0GfPVWb82oxCZo/m31i2p8tqPlzXlZv
KXdbURMgXAWMmjlwiGVl
=xhfU
-----END PGP SIGNATURE-----

Reply sent to Raphael Geissert <geissert@debian.org>:
You have taken responsibility. (Thu, 31 Jul 2014 11:06:10 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 31 Jul 2014 11:06:10 GMT) (full text, mbox, link).

Message #45 received at 726093-close@bugs.debian.org (full text, mbox, reply):

From: Raphael Geissert <geissert@debian.org>
To: 726093-close@bugs.debian.org
Subject: Bug#726093: fixed in python-scipy 0.7.2+dfsg1-1+deb6u1
Date: Thu, 31 Jul 2014 11:04:35 +0000
Source: python-scipy
Source-Version: 0.7.2+dfsg1-1+deb6u1

We believe that the bug you reported is fixed in the latest version of
python-scipy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726093@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Geissert <geissert@debian.org> (supplier of updated python-scipy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 31 Jul 2014 10:39:02 +0200
Source: python-scipy
Binary: python-scipy python-scipy-dbg
Architecture: source amd64
Version: 0.7.2+dfsg1-1+deb6u1
Distribution: squeeze-lts
Urgency: low
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Raphael Geissert <geissert@debian.org>
Description: 
 python-scipy - scientific tools for Python
 python-scipy-dbg - scientific tools for Python - debugging symbols
Closes: 726093
Changes: 
 python-scipy (0.7.2+dfsg1-1+deb6u1) squeeze-lts; urgency=low
 .
   * Fix CVE-2013-4251: insecure handling of temporary directory
     (Closes: #726093)
Checksums-Sha1: 
 cb2842b2a965e8bdbe22c04eab507f0e32ea3e46 1825 python-scipy_0.7.2+dfsg1-1+deb6u1.dsc
 558eff6a9481310412f4afa30b200787e12c6908 4651354 python-scipy_0.7.2+dfsg1.orig.tar.gz
 a24ffca34776c7ec49c085236f5d56c20d3ca1e7 14773 python-scipy_0.7.2+dfsg1-1+deb6u1.debian.tar.gz
 d457649af91ebc2a7ee4fc26f5c55e22ec0edc8c 10344504 python-scipy_0.7.2+dfsg1-1+deb6u1_amd64.deb
 f9e424a5f458b5dafa88f2d10a3badfe4e725baa 24092688 python-scipy-dbg_0.7.2+dfsg1-1+deb6u1_amd64.deb
Checksums-Sha256: 
 87effc71eeaac541084907c74a288a7c6f5a3e509562b78e71a826d694866b4e 1825 python-scipy_0.7.2+dfsg1-1+deb6u1.dsc
 922d93c19de2ef004ffa2888465592aaf20c26b1a6c2d8c3cd5bad8a1710e361 4651354 python-scipy_0.7.2+dfsg1.orig.tar.gz
 a1a5d94581dec82740199ccdc114b4e61fc7a4aa5acb76f059c5c8e253fbffd7 14773 python-scipy_0.7.2+dfsg1-1+deb6u1.debian.tar.gz
 167d5e810fe57888dd7b74d27236e21d6e06ac9a473cd6c2acf59dd968757e6c 10344504 python-scipy_0.7.2+dfsg1-1+deb6u1_amd64.deb
 7ad7397b6ad45033afe80d098b660f759423a795c86f9118fd3e3b9a1458c8a0 24092688 python-scipy-dbg_0.7.2+dfsg1-1+deb6u1_amd64.deb
Files: 
 76067f457775c5f87c158544b64b39ee 1825 python extra python-scipy_0.7.2+dfsg1-1+deb6u1.dsc
 5f5a625ba5ae9dc08fd88c3f2115b74b 4651354 python extra python-scipy_0.7.2+dfsg1.orig.tar.gz
 d7e34e50d09282f229d1febaf6f76fa5 14773 python extra python-scipy_0.7.2+dfsg1-1+deb6u1.debian.tar.gz
 c21ea2602e3ec6e82e88f25987134fb2 10344504 python extra python-scipy_0.7.2+dfsg1-1+deb6u1_amd64.deb
 4b97e02b375325c09223f43a87a025db 24092688 debug extra python-scipy-dbg_0.7.2+dfsg1-1+deb6u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlPaICoACgkQYy49rUbZzlr0UQCfZvrZl1A2uFraIy3sTtokKqxk
54MAnid6MUBGteuxGDwZKOCv0PXxIUQq
=4f11
-----END PGP SIGNATURE-----

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#726093; Package python-scipy. (Sat, 29 Nov 2014 22:12:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Sat, 29 Nov 2014 22:12:05 GMT) (full text, mbox, link).

Message #50 received at 726093@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Julian Taylor <jtaylor.debian@googlemail.com>
Cc: 726093@bugs.debian.org, Varun Hiremath <varun@debian.org>
Subject: Re: Bug#726093: python-scipy: CVE-2013-4251: weave /tmp and current directory issues
Date: Sat, 29 Nov 2014 23:08:56 +0100
On Wed, Oct 23, 2013 at 08:04:17AM +0200, Salvatore Bonaccorso wrote:
> Hi Julian,
> 
> On Wed, Oct 23, 2013 at 01:16:36AM +0200, Julian Taylor wrote:
> > On 22.10.2013 08:43, Salvatore Bonaccorso wrote:
> > > Hi Julian,
> > > 
> > > Cc'ing Julian directly as per short discussion on IRC.
> > > 
> > > On IRC you mentioned that you are looking at this issue. Did you had a
> > > chance to prepare the upload for unstable?
> > > 
> > 
> > I have prepared updates for unstable, wheezy and squeeze, which require
> > sponsoring:
> > 
> > http://anonscm.debian.org/viewvc/python-modules/packages/scipy/branches/
> > 
> > for wheezy and squeeze a little extra checking if the
> > packaging/versioning is done correctly is appreciated as this is my
> > first stable update in debian.
> > 
> > Tested the packages by running scipys testsuite and a couple weave
> > commands on all supported python versions.
> 
> Thanks for you update. I only had a look at the unstable version (so
> far at least), and looks good. I have uploaded it as provided by you.
> (Only small "nitpick", please always include the CVE reference in the
> changelog as this will ease the work of the security team tracking
> the issues).
> 
> For uploads to (old-)stable, please see [1]. (btw, the versioning
> 0.7.2+dfsg1-1+squeeze1 for oldstable, and 0.10.1+dfsg2-1+deb7u1 for
> stable looks good).

This is still unfixed in Wheezy, do you still plan to fix this in a
Wheezy point update?

Cheers,
        Moritz

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 26 Apr 2015 07:57:56 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:38:42 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started