OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org          Name:   Ralf S. Engelschall
Root:   /e/openpkg/cvs           Email:  [EMAIL PROTECTED]
Module: openpkg-web              Date:   23-Jan-2003 11:36:10
Branch: HEAD                     Handle: 2003012310361000
Modified files:
openpkg-web/security OpenPKG-SA-2003.006-python.txt
Log:
final polishing and signing
Summary:
Revision Changes Path
1.3 +20 -11 openpkg-web/security/OpenPKG-SA-2003.006-python.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.006-python.txt
============================================================================
$ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2003.006-python.txt
--- openpkg-web/security/OpenPKG-SA-2003.006-python.txt 23 Jan 2003 10:26:39
-0000 1.2
+++ openpkg-web/security/OpenPKG-SA-2003.006-python.txt 23 Jan 2003 10:36:10
-0000 1.3
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
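Review bot: The added "Hash: SHA1" header at the top of the file ties the clearsignature to SHA-1; if the signing key and the readers' tools allow it, sign with a stronger digest (for example gpg's --digest-algo SHA256) so the advisory's integrity does not rest on SHA-1. Everything from the line after this header down to the BEGIN PGP SIGNATURE line is the signed body, so the advisory text should be frozen before the header goes in.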
@@ -7,7 +10,7 @@
________________________________________________________________________
Package: python
-Vulnerability: predictable filename allows arbitrary code execution
+Vulnerability: predictable filename allows arbitrary code execution
OpenPKG Specific: no
Affected Releases: Affected Packages: Corrected Packages:
@@ -19,18 +22,17 @@
Description:
Zack Weinberg discovered an insecure use of a predictable file name
- [0] in Python, a interpreted, interactive, object-oriented programming
- language [1]. Python attempts to exec a file which does not exist just
- to find out what error the operating system returns. It uses a
- constant filename for this task which could lead to execution of
- arbitrary code. The Common Vulnerabilities and Exposures (CVE)
- project assigned the id CAN-2002-1119 [2] to the problem.
+ [0] in the Python programming language [1]. Python attempts to execute
+ a file which is assumed to not exist just to find out what error
+ the operating system returns in this situation. It uses a constant
+ filename for this task which could lead to the execution of arbitrary
+ code. The Common Vulnerabilities and Exposures (CVE) project assigned
+ the id CAN-2002-1119 [2] to the problem.
Please check whether you are affected by running "<prefix>/bin/rpm -q
- python". If you have the "python" package installed and its version is
- affected (see above), we recommend that you immediately upgrade it
- (see Solution) and it's dependent packages (see above), if any, too.
- [3][4]
+ python". If you have the "python" package installed and its version
+ is affected (see above), we recommend that you immediately upgrade it
+ (see Solution). [3][4]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
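Review bot: The rewritten upgrade paragraph drops "and it's dependent packages (see above), if any, too", but the Affected Packages column it pointed to is not part of this hunk; confirm that the column lists no dependent packages for any release, otherwise readers lose the instruction to upgrade them. In the new description, "a file which is assumed to not exist" is clearer than the old wording, yet the text still does not say where the constant filename lives or who must be able to create it, which is what a reader needs to judge exposure; one clause taken from reference [0] would cover that.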
@@ -72,3 +74,10 @@
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQE+L8WAgHWT4GPEy58RAtl5AJ40nGCQKxI5yrs4KnKMaRI5veFM4ACePHmi
+z8mwYutcBLXjOsWlMf5CEZM=
+=OSaV
+-----END PGP SIGNATURE-----
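Review bot: The signature lands in the same revision as the wording changes to the description, so the diff alone does not show that the signed text is the text being committed; run gpg --verify on the checked-out 1.3 file before publishing, and re-sign after any later edit, since even a whitespace change in the body invalidates the signature. The "Comment:" armor header is not covered by the signature and should not be treated as authenticated.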
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]