GNU bug report logs - #53670
ipython CVE-2022-21699

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 31 Jan 2022 20:29:01 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 53670 in the body.
You can then email your comments to 53670 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to bug-guix <at> gnu.org:
bug#53670; Package guix. (Mon, 31 Jan 2022 20:29:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 31 Jan 2022 20:29:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: ipython CVE-2022-21699
Date: Mon, 31 Jan 2022 15:28:21 -0500
Python (Interactive Python) is a command shell for interactive computing
in multiple programming languages, originally developed for the Python
programming language. Affected versions are subject to an arbitrary code
execution vulnerability achieved by not properly managing cross user
temporary files. This vulnerability allows one user to run code as
another on the same machine. 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x




Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
You have taken responsibility. (Sat, 14 May 2022 05:24:01 GMT) Full text and rfc822 format available.

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Sat, 14 May 2022 05:24:02 GMT) Full text and rfc822 format available.

Message #10 received at 53670-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 53670-done <at> debbugs.gnu.org
Subject: Re: bug#53670: ipython CVE-2022-21699
Date: Sat, 14 May 2022 01:23:43 -0400
Hi,

Leo Famulari <leo <at> famulari.name> writes:

> Python (Interactive Python) is a command shell for interactive computing
> in multiple programming languages, originally developed for the Python
> programming language. Affected versions are subject to an arbitrary code
> execution vulnerability achieved by not properly managing cross user
> temporary files. This vulnerability allows one user to run code as
> another on the same machine. 
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
> https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x

Fixed with 1c8264d62e16f404786d9b526511cea29138ab9f.

Thanks for the report!

Maxim




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 11 Jun 2022 11:24:07 GMT) Full text and rfc822 format available.

This bug report was last modified 1 year and 291 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.