From oss-security mailing list at $URL:

Description: An insecure /tmp file handling was found in python-virtualenv

Solution: There is a patch at upstream bug[1].

[1]: https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5
The fix was released in virtualenv 1.5 on 2010-09-14. Vulnerable versions were deleted from gentoo-x86 over 11 months ago.
(In reply to comment #1)
> The fix was released in virtualenv 1.5 on 2010-09-14.
> Vulnerable versions were deleted from gentoo-x86 over 11 months ago.

Sorry, my mistake.
GLSA Vote: yes.
I'm thinking this could be closed...
CVE-2011-4617 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4617): virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
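The bug class named in the CVE entry above, shown as an added example that is not virtualenv's code and not part of this thread: a write to a predictable name in a shared directory follows a pre-existing symlink, while exclusive creation or `tempfile.mkstemp` does not. The file names, the prefix and the scratch directory standing in for /tmp are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def write_predictable(path, data):
    # Vulnerable pattern: open() follows a symlink already present at `path`.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails with EEXIST if anything exists at `path`,
    # including a symlink, so the link target is never opened.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_private(data, directory=None):
    # mkstemp picks an unpredictable name and creates it O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(prefix="example-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def _read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Constructed scenario; a private scratch directory stands in for /tmp.
    out = {}
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.conf")   # another user's file
        shared = os.path.join(scratch, "tool-tmpfile")  # hypothetical fixed name
        write_predictable(victim, "original")
        os.symlink(victim, shared)                      # link present before the write
        write_predictable(shared, "clobbered")
        out["predictable_clobbers_victim"] = _read(victim) == "clobbered"
        write_predictable(victim, "original")           # reset for the next check
        try:
            write_exclusive(shared, "data")
            out["exclusive_refuses_link"] = False
        except FileExistsError:
            out["exclusive_refuses_link"] = True
        out["victim_intact"] = _read(victim) == "original"
        private = write_private("data", scratch)
        out["private_mode_0600"] = stat.S_IMODE(os.stat(private).st_mode) == 0o600
    return out

if __name__ == "__main__":
    print(demo())
```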
Vote: yes. Created new GLSA request.
This issue was resolved and addressed in GLSA 201206-17 at http://security.gentoo.org/glsa/glsa-201206-17.xml by GLSA coordinator Sean Amoss (ackle).