drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Verzeichnisse in scipy
Name: |
Unsichere Verwendung temporärer Verzeichnisse in scipy |
|
ID: |
FEDORA-2013-19271 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 18 |
|
Datum: |
So, 27. Oktober 2013, 10:26 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4251 |
|
Applikationen: |
Scipy |
|
Originalnachricht |
Name : scipy Product : Fedora 18 Version : 0.12.1 Release : 1.fc18 URL : http://www.scipy.org Summary : Scipy: Scientific Tools for Python Description : Scipy is open-source software for mathematics, science, and engineering. The core library is NumPy which provides convenient and fast N-dimensional array manipulation. The SciPy library is built to work with NumPy arrays, and provides many user-friendly and efficient numerical routines such as routines for numerical integration and optimization. Together, they run on all popular operating systems, are quick to install, and are free of charge. NumPy and SciPy are easy to use, but powerful enough to be depended upon by some of the world's leading scientists and engineers.
------------------------------------------------------------------------------- - Update Information:
Update to 0.12.1, fixes CVE-2013-4251: insecure /tmp usage by scipy.weave. ------------------------------------------------------------------------------- - ChangeLog:
* Mon Oct 14 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.1-1 - Update to 0.12.1 - fixes CVE-2013-4251 (bug 101351) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed May 15 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.0-3 - Remove old ufsparse references, use suitesparse - Spec cleanup - Tue Jul 30 2013 Tomas Tomecek <ttomecek@redhat.com>: - Fix rpmlint warnings - License update - Add patch to use build_dir argument in build_extension * Mon Apr 15 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.0-2 - Add patch to fix segfaul in test of sgeqrf * Wed Apr 10 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.0-1 - Update to 0.12.0 final - No longer remove weave from python3 build * Sat Feb 16 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.0-0.1.b1 - Update to 0.12.0b1 - Drop upstreamed linalg patch * Wed Feb 13 2013 Orion Poplawski <orion@cora.nwra.com> - 0.11.0-4 - Add patch from upstream to fix python3.3 issues in linalg routines * Tue Feb 12 2013 Orion Poplawski <orion@cora.nwra.com> - 0.11.0-3 - Disable python3 tests for now * Mon Oct 8 2012 Orion Poplawski <orion@cora.nwra.com> - 0.11.0-2 - Add requires python3-numpy, python3-f2py for python3-scipy (bug 863755) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #916690 - CVE-2013-4251 scipy: weave /tmp and current directory issues https://bugzilla.redhat.com/show_bug.cgi?id=916690 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update scipy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|