Date: Mon, 16 Dec 2013 18:14:56 +0100 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Re: Issue with PYTHON_EGG_CACHE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Sun, Dec 15, 2013 at 02:06:59PM -0700, Kurt Seifried wrote: > On 12/15/2013 01:23 PM, Jeremy Stanley wrote: > > On 2013-12-15 14:47:12 -0500 (-0500), cve-assign@...re.org wrote: > >> This message seems to disclose a vulnerability in an unspecified > >> version of OpenStack Swift. > > [...] > >> Use CVE-2013-7109 for this report about OpenStack Swift. Again, > >> CVE-2013-7109 is not an ID for which setuptools is the affected > >> product. > > > > I don't think this was intended as a CVE request. The OpenStack > > VMT had already determined this was non-exploitable in Swift over > > the course of https://launchpad.net/bugs/1192966 and explicitly > > decided not to request a CVE nor issue an advisory. > > > > Sorry yeah I should have been more clear, I was trying to show that > it's a pretty common coding pattern to use /tmp for PYTHON_EGG_CACHE, > that specific instance was a bad one (it's about the only example > where it isn't actually a vulnerability =). Does this mean CVE-2013-7109 should be REJECTed or not? Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCgAGBQJSrzUMAAoJEG3bU/KmdcClvrkH/2BEhKHg11/3i5+d12QzHjdl LsvKQxgTslOVE4S9Pej++rGUrEx+HtKw09nosCg0kp/8X75nH0NScr78UvW0g9/L azpqkBPSPK42FktL1z+V8igiv5gS0WNQfILV6lXMhvNng18VO0+FIkDuBZYKXFw3 C5i8geFsLKrFwJT0n3nUAm6o8eaTW2sGt5SINA8enGJHV0hFRqZ7reI/fiRbiVmw 4QzIPlkFukVPnbTyUN47NXIvhlyP/mcy0d5dh0HNt/6/TKbflhHBnB7wjskJS3Cm dgj+75e3hdllqP0McTCt8uPvVadtLYtHzAr/6BdevNrAh4jk4jAilp0Y3HO04C4= =XegA -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.