CVE-2011-4944 (retired)

Priority
Description
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions
before changing them after data has been written, which introduces a race
condition that allows local users to obtain a username and password by
reading this file.
Notes
 tyhicks> Code in Lib/distutils/command/register.py in 2.4 and 2.5
Assigned-to
jdstrand
Package
Upstream:needed
Package
Upstream:needed
Package
Upstream:needed
Patches:
Upstream:http://bugs.python.org/file23824/pypirc-secure.diff
Package
Upstream:pending (2.7.3~rc2-2)
Patches:
Upstream:http://hg.python.org/cpython/rev/f833e7ec4de1/
Package
Upstream:needed
Patches:
Upstream:http://bugs.python.org/file23824/pypirc-secure.diff
Package
Upstream:needed
Patches:
Upstream:http://bugs.python.org/file23824/pypirc-secure.diff
Package
Upstream:needed
Patches:
Upstream:http://bugs.python.org/file23.34/pypirc-secure.diff
More Information

Updated: 2019-03-26 11:59:39 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)