It was reported [1],[2] that the python pip module uses an insecure temporary directory when building (/tmp/pip-build). This is fixed in upstream git (patches noted from the bug report) [1] https://github.com/pypa/pip/issues/725 [2] http://seclists.org/oss-sec/2013/q1/704
Created python-pip tracking bugs for this issue Affects: fedora-all [bug 923975] Affects: epel-all [bug 923976]
This was assigned CVE-2013-1888: http://www.openwall.com/lists/oss-security/2013/03/22/10
python-pip version 1.3.1 is now available in Fedora 17, 18, and 19.
python-virtualenv-1.9.1-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
python-virtualenv-1.9.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
python-virtualenv-1.9.1-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
python-virtualenv-1.9.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
python-virtualenv-1.9.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.