Red Hat Bugzilla – Full Text Bug Listing
|Summary:||CVE-2013-1629 python-pip: insecure installation mechanism [epel-all]|
|Product:||[Fedora] Fedora EPEL||Reporter:||Vincent Danen <vdanen>|
|Component:||python-pip||Assignee:||Tim Flink <tflink>|
|Status:||CLOSED EOL||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Target Milestone:||---||Keywords:||Security, SecurityTracking|
|Fixed In Version:||Doc Type:||Release Note|
|Doc Text:||Story Points:||---|
|Last Closed:||2017-04-06 06:24:45 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Vincent Danen 2013-05-28 18:59:53 EDT
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available. Please note: this issue affects multiple supported versions of Fedora EPEL. Only one tracking bug has been filed; please ensure that it is only closed when all affected versions are fixed. [bug automatically created by: add-tracking-bugs]
Comment 1 Vincent Danen 2013-05-28 19:00:02 EDT
Please use the following update submission link to create the Bodhi request for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. Please also ensure that the "Close bugs when update is stable" option remains checked. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=968059,968061
Comment 2 Tim Flink 2013-05-28 23:50:06 EDT
python-pip 1.3 is already stable in el6. python-pip upstream has a minimum python version requirement of 2.6, so the fix for el5 is a bit tougher but I'll take a look to see what's reasonable there.
Comment 3 Vincent Danen 2013-05-29 00:19:59 EDT
Changing the version to reflect that this only affects epel5.
Comment 4 Fedora End Of Life 2017-04-06 06:24:45 EDT
Fedora EPEL 5 changed to end-of-life (EOL) status on 2017-03-31. Fedora EPEL 5 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora or Fedora EPEL, please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.