From: Leo Famulari
To: 53670@debbugs.gnu.org
Subject: bug#53670: ipython CVE-2022-21699
Date: Mon, 31 Jan 2022 15:28:21 -0500

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
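
An added example, not part of the original report and neither IPython's code nor its fix: a defensive check for the cross-user file problem described above, which refuses to trust a directory of startup code unless the current user owns it and no other user can write to it. The directory name `startup_dir` and all function names are hypothetical, and the sample tree is constructed.

```python
import os
import stat
import tempfile


def trust_problems(path, uid=None):
    """Return reasons why `uid` should not run code found at `path`."""
    uid = os.getuid() if uid is None else uid
    st = os.lstat(path)  # lstat: judge a symlink itself, not its target
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    problems = []
    if st.st_uid != uid:
        problems.append(f"owner uid {st.st_uid} is not {uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    return problems


def audit_startup_dir(startup_dir, uid=None):
    """Check the directory and everything under it; return {path: problems}."""
    findings = {}
    for root, dirs, files in os.walk(startup_dir):
        for path in [root] + [os.path.join(root, n) for n in dirs + files]:
            problems = trust_problems(path, uid)
            if problems:
                findings[path] = problems
    return findings


def build_sample():
    """Constructed sample: a private directory holding one startup script."""
    d = os.path.join(tempfile.mkdtemp(), "startup_dir")  # hypothetical name
    os.mkdir(d)
    script = os.path.join(d, "init.py")
    with open(script, "w") as fh:
        fh.write("print('loaded')\n")
    os.chmod(d, 0o700)
    os.chmod(script, 0o600)
    return d


if __name__ == "__main__":
    sample = build_sample()
    print(audit_startup_dir(sample))   # private and self-owned: nothing reported
    os.chmod(sample, 0o777)            # any local user could now add files
    print(audit_startup_dir(sample))   # the directory is reported
```

A loader would call `audit_startup_dir` before executing anything from the directory and skip the directory when the result is non-empty.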