Sicherheit: Unsichere Verwendung temporärer Verzeichnisse in scipy
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Verzeichnisse in scipy
ID: FEDORA-2013-19236
Distribution: Fedora
Plattformen: Fedora 19
Datum: So, 27. Oktober 2013, 10:26
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4251
Applikationen: Scipy


Name        : scipy
Product : Fedora 19
Version : 0.12.1
Release : 1.fc19
URL : http://www.scipy.org
Summary : Scipy: Scientific Tools for Python
Description :
Scipy is open-source software for mathematics, science, and
engineering. The core library is NumPy which provides convenient and
fast N-dimensional array manipulation. The SciPy library is built to
work with NumPy arrays, and provides many user-friendly and efficient
numerical routines such as routines for numerical integration and
optimization. Together, they run on all popular operating systems, are
quick to install, and are free of charge. NumPy and SciPy are easy to
use, but powerful enough to be depended upon by some of the world's
leading scientists and engineers.

Update Information:

Update to 0.12.1, fixes CVE-2013-4251: insecure /tmp usage by scipy.weave.

* Mon Oct 14 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.1-1
- Update to 0.12.1 - fixes CVE-2013-4251 (bug 101351)
* Sun Aug 4 2013 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 0.12.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed May 15 2013 Orion Poplawski <orion@cora.nwra.com> - 0.12.0-3
- Remove old ufsparse references, use suitesparse
- Spec cleanup
- Tue Jul 30 2013 Tomas Tomecek <ttomecek@redhat.com>:
- Fix rpmlint warnings
- License update
- Add patch to use build_dir argument in build_extension

[ 1 ] Bug #916690 - CVE-2013-4251 scipy: weave /tmp and current directory

This update can be installed with the "yum" update program. Use
su -c 'yum update scipy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten