Candidate: CVE-2013-1629
PublicDate: 2013-08-06 02:52:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1629
Description:
 pip before 1.3 uses HTTP to retrieve packages from the PyPI repository,
 and does not perform integrity checks on package contents, which allows
 man-in-the-middle attackers to execute arbitrary code via a crafted
 response to a "pip install" operation.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710163
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710164
 https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1418592
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_python-pip:
upstream_python-pip: released (1.3.1-1)
lucid_python-pip: ignored (reached end-of-life)
precise_python-pip: ignored (reached end-of-life)
precise/esm_python-pip: DNE (precise was needed)
quantal_python-pip: ignored (reached end-of-life)
raring_python-pip: ignored (reached end-of-life)
saucy_python-pip: ignored (reached end-of-life)
trusty_python-pip: not-affected (1.5.4-1ubuntu4)
trusty/esm_python-pip: not-affected (1.5.4-1ubuntu4)
utopic_python-pip: ignored (reached end-of-life)
vivid_python-pip: ignored (reached end-of-life)
vivid/stable-phone-overlay_python-pip: DNE
vivid/ubuntu-core_python-pip: DNE
wily_python-pip: ignored (reached end-of-life)
xenial_python-pip: not-affected (8.1.1-2ubuntu0.4)
yakkety_python-pip: ignored (reached end-of-life)
zesty_python-pip: ignored (reached end-of-life)
artful_python-pip: not-affected
bionic_python-pip: not-affected
devel_python-pip: not-affected

Patches_python-virtualenv:
upstream_python-virtualenv: released (1.9.1-1)
lucid_python-virtualenv: ignored (reached end-of-life)
precise_python-virtualenv: ignored (reached end-of-life)
precise/esm_python-virtualenv: DNE (precise was needed)
quantal_python-virtualenv: ignored (reached end-of-life)
raring_python-virtualenv: ignored (reached end-of-life)
saucy_python-virtualenv: not-affected (1.9.1-1)
trusty_python-virtualenv: not-affected (1.9.1-1)
trusty/esm_python-virtualenv: not-affected (1.9.1-1)
utopic_python-virtualenv: not-affected (1.9.1-1)
vivid_python-virtualenv: not-affected (1.9.1-1)
vivid/stable-phone-overlay_python-virtualenv: DNE
vivid/ubuntu-core_python-virtualenv: DNE
wily_python-virtualenv: not-affected (1.9.1-1)
xenial_python-virtualenv: not-affected (1.9.1-1)
yakkety_python-virtualenv: not-affected (1.9.1-1)
zesty_python-virtualenv: not-affected (1.9.1-1)
artful_python-virtualenv: not-affected (1.9.1-1)
bionic_python-virtualenv: not-affected (1.9.1-1)
devel_python-virtualenv: not-affected (1.9.1-1)