OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 23-Jan-2003 11:26:40
Branch: HEAD Handle: 2003012310263900
Modified files:
openpkg-web/security OpenPKG-SA-2003.006-python.txt
Log:
flush pending changes
Summary:
Revision Changes Path
1.2 +7 -5 openpkg-web/security/OpenPKG-SA-2003.006-python.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.006-python.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2003.006-python.txt
--- openpkg-web/security/OpenPKG-SA-2003.006-python.txt 22 Jan 2003 16:04:54
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2003.006-python.txt 23 Jan 2003 10:26:39
-0000 1.2
@@ -18,11 +18,13 @@
Affected Releases: Dependent Packages: none
Description:
- Zack Weinberg discovered an insecure use of a hardcoded file name [0]
- in Python, a interpreted, interactive, object-oriented programming
- language [1]. Python uses a predictable filename which could lead to
- execution of arbitrary code. The Common Vulnerabilities and Exposures
- (CVE) project assigned the id CAN-2002-1119 [2] to the problem.
+ Zack Weinberg discovered an insecure use of a predictable file name
+ [0] in Python, a interpreted, interactive, object-oriented programming
+ language [1]. Python attempts to exec a file which does not exist just
+ to find out what error the operating system returns. It uses a
+ constant filename for this task which could lead to execution of
+ arbitrary code. The Common Vulnerabilities and Exposures (CVE)
+ project assigned the id CAN-2002-1119 [2] to the problem.
Please check whether you are affected by running "<prefix>/bin/rpm -q
python". If you have the "python" package installed and its version is
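Review bot: The added description keeps the grammar slip "a interpreted, interactive, object-oriented programming language" from revision 1.1; since these lines are being rewritten anyway, change it to "an interpreted". The new text also mixes "predictable file name" in the first sentence with "constant filename" in the fourth, so settle on one spelling and one adjective. The sentence "It uses a constant filename for this task which could lead to execution of arbitrary code" still does not say how the constant name turns into code execution, that is, under what condition a file of that name would exist when Python tries to exec it. A short clause stating that precondition would let readers judge their exposure before running the rpm check that follows.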
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]