drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Verzeichnisse in scipy
| Name: |
Unsichere Verwendung temporärer Verzeichnisse in scipy |
|
| ID: |
FEDORA-2013-19271 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 18 |
|
| Datum: |
So, 27. Oktober 2013, 10:26 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4251 |
|
| Applikationen: |
Scipy |
|
Originalnachricht |
Name : scipy
Product : Fedora 18
Version : 0.12.1
Release : 1.fc18
URL : http://www.scipy.org
Summary : Scipy: Scientific Tools for Python
Description :
Scipy is open-source software for mathematics, science, and
engineering. The core library is NumPy which provides convenient and
fast N-dimensional array manipulation. The SciPy library is built to
work with NumPy arrays, and provides many user-friendly and efficient
numerical routines such as routines for numerical integration and
optimization. Together, they run on all popular operating systems, are
quick to install, and are free of charge. NumPy and SciPy are easy to
use, but powerful enough to be depended upon by some of the world's
leading scientists and engineers.
-------------------------------------------------------------------------------
-
Update Information:
Update to 0.12.1, fixes CVE-2013-4251: insecure /tmp usage by scipy.weave.
-------------------------------------------------------------------------------
-
ChangeLog:
* Mon Oct 14 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.1-1
- Update to 0.12.1 - fixes CVE-2013-4251 (bug 101351)
* Sun Aug 4 2013 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 0.12.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed May 15 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.0-3
- Remove old ufsparse references, use suitesparse
- Spec cleanup
- Tue Jul 30 2013 Tomas Tomecek <ttomecek@redhat.com>:
- Fix rpmlint warnings
- License update
- Add patch to use build_dir argument in build_extension
* Mon Apr 15 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.0-2
- Add patch to fix segfaul in test of sgeqrf
* Wed Apr 10 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.0-1
- Update to 0.12.0 final
- No longer remove weave from python3 build
* Sat Feb 16 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.0-0.1.b1
- Update to 0.12.0b1
- Drop upstreamed linalg patch
* Wed Feb 13 2013 Orion Poplawski <orion@cora.nwra.com> - 0.11.0-4
- Add patch from upstream to fix python3.3 issues in linalg routines
* Tue Feb 12 2013 Orion Poplawski <orion@cora.nwra.com> - 0.11.0-3
- Disable python3 tests for now
* Mon Oct 8 2012 Orion Poplawski <orion@cora.nwra.com> - 0.11.0-2
- Add requires python3-numpy, python3-f2py for python3-scipy (bug 863755)
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #916690 - CVE-2013-4251 scipy: weave /tmp and current directory
issues
https://bugzilla.redhat.com/show_bug.cgi?id=916690
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update scipy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|
