GNU bug report logs - #53670
ipython CVE-2022-21699

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 31 Jan 2022 20:29:01 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Subject: bug#53670: closed (Re: bug#53670: ipython CVE-2022-21699)
Date: Sat, 14 May 2022 05:24:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#53670: ipython CVE-2022-21699

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 53670 <at> debbugs.gnu.org.

-- 
53670: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=53670
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 53670-done <at> debbugs.gnu.org
Subject: Re: bug#53670: ipython CVE-2022-21699
Date: Sat, 14 May 2022 01:23:43 -0400

Hi,

Leo Famulari <leo <at> famulari.name> writes:

> Python (Interactive Python) is a command shell for interactive computing
> in multiple programming languages, originally developed for the Python
> programming language. Affected versions are subject to an arbitrary code
> execution vulnerability achieved by not properly managing cross user
> temporary files. This vulnerability allows one user to run code as
> another on the same machine. 
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
> https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x

Fixed with 1c8264d62e16f404786d9b526511cea29138ab9f.

Thanks for the report!

Maxim


[Message part 3 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: ipython CVE-2022-21699
Date: Mon, 31 Jan 2022 15:28:21 -0500

Python (Interactive Python) is a command shell for interactive computing
in multiple programming languages, originally developed for the Python
programming language. Affected versions are subject to an arbitrary code
execution vulnerability achieved by not properly managing cross user
temporary files. This vulnerability allows one user to run code as
another on the same machine. 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
This bug report was last modified 3 years and 12 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.