CVE-2011-4944

Priority
Low
Description
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions
before changing them after data has been written, which introduces a race
condition that allows local users to obtain a username and password by
reading this file.
References
Bugs
Notes
 tyhicks> Code in Lib/distutils/command/register.py in 2.4 and 2.5
Assigned-to
jdstrand
Package
Upstream:pending (2.7.3~rc2-2)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (2.7.3~rc2-2)
Patches:
Upstream:http://hg.python.org/cpython/rev/f833e7ec4de1/
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Patches:
Upstream:http://bugs.python.org/file23824/pypirc-secure.diff
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.3-0ubuntu3.2)
Patches:
Upstream:http://bugs.python.org/file23824/pypirc-secure.diff
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Patches:
Upstream:http://bugs.python.org/file23.34/pypirc-secure.diff
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Patches:
Upstream:http://bugs.python.org/file23824/pypirc-secure.diff
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:19 UTC (commit 9756)