From ${URL} : Description A security issue has been reported in Python, which can be exploited by malicious, local users to potentially disclose or manipulate certain data. The security issue is caused due to a race condition within the "os._get_masked_mode()" function (Lib/os.py), which can be exploited to cause certain application-created files to be world-accessible. The security issue is reported in versions 3.4, 3.3, and 3.2. Solution: No official solution is currently available. Provided and/or discovered by: Ryan Lortie within a bug ticket Original Advisory: Ryan Lortie: http://bugs.python.org/issue21082 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-2667 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667): Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
This issue was resolved and addressed in GLSA 201503-10 at https://security.gentoo.org/glsa/201503-10 by GLSA coordinator Kristian Fiskerstrand (K_F).
