GNU bug report logs - #53670
ipython CVE-2022-21699

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 31 Jan 2022 20:29:01 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #10 received at 53670-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 53670-done <at> debbugs.gnu.org
Subject: Re: bug#53670: ipython CVE-2022-21699
Date: Sat, 14 May 2022 01:23:43 -0400

Hi,

Leo Famulari <leo <at> famulari.name> writes:

> Python (Interactive Python) is a command shell for interactive computing
> in multiple programming languages, originally developed for the Python
> programming language. Affected versions are subject to an arbitrary code
> execution vulnerability achieved by not properly managing cross user
> temporary files. This vulnerability allows one user to run code as
> another on the same machine. 
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
> https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x

Fixed with 1c8264d62e16f404786d9b526511cea29138ab9f.

Thanks for the report!

Maxim

This bug report was last modified 3 years and 12 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #53670 ipython CVE-2022-21699

GNU bug report logs - #53670
ipython CVE-2022-21699