unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#53670: ipython CVE-2022-21699
@ 2022-01-31 20:28 Leo Famulari
  2022-05-14  5:23 ` Maxim Cournoyer
  0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2022-01-31 20:28 UTC (permalink / raw)
  To: 53670

Python (Interactive Python) is a command shell for interactive computing
in multiple programming languages, originally developed for the Python
programming language. Affected versions are subject to an arbitrary code
execution vulnerability achieved by not properly managing cross user
temporary files. This vulnerability allows one user to run code as
another on the same machine. 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x




^ permalink raw reply	[flat|nested] 2+ messages in thread
* bug#53670: ipython CVE-2022-21699
  2022-01-31 20:28 bug#53670: ipython CVE-2022-21699 Leo Famulari
@ 2022-05-14  5:23 ` Maxim Cournoyer
  0 siblings, 0 replies; 2+ messages in thread
From: Maxim Cournoyer @ 2022-05-14  5:23 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 53670-done

Hi,

Leo Famulari <leo@famulari.name> writes:

> Python (Interactive Python) is a command shell for interactive computing
> in multiple programming languages, originally developed for the Python
> programming language. Affected versions are subject to an arbitrary code
> execution vulnerability achieved by not properly managing cross user
> temporary files. This vulnerability allows one user to run code as
> another on the same machine. 
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
> https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x

Fixed with 1c8264d62e16f404786d9b526511cea29138ab9f.

Thanks for the report!

Maxim




^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-05-14  5:24 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-31 20:28 bug#53670: ipython CVE-2022-21699 Leo Famulari
2022-05-14  5:23 ` Maxim Cournoyer

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).