From ${URL} :

Description
A security issue has been reported in Python pip Module, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application creating temporary files with insecure permissions and can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is reported in versions prior to 1.3.

Solution
Update to version 1.3.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
https://github.com/pypa/pip/issues/725
Arch teams please stabilize pip-1.3.1
amd64 stable
x86 stable
GLSA vote: yes.
YES too, request filed.
*** Bug 480208 has been marked as a duplicate of this bug. ***
CVE-2013-1888 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1888): pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
This issue was resolved and addressed in GLSA 201309-05 at http://security.gentoo.org/glsa/glsa-201309-05.xml by GLSA coordinator Chris Reffett (creffett).
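
Added example, not part of the original bug report and not pip's own code: a defensive check for the class of problem described above, a build directory at a predictable name in a shared temporary directory. The names `claim_build_dir`, `fresh_build_dir` and `UnsafeBuildDir` are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
import tempfile


class UnsafeBuildDir(Exception):
    """Raised when a build directory in a shared temp dir cannot be trusted."""


def claim_build_dir(path):
    """Create `path` privately, or accept it only if it is already ours."""
    try:
        # mkdir does not follow a symlink at the final path component and
        # fails with EEXIST if anything (even a dangling link) is there.
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat inspects the entry itself, not its target
    if stat.S_ISLNK(st.st_mode):
        raise UnsafeBuildDir(f"{path} is a symlink")
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeBuildDir(f"{path} is not a directory")
    if st.st_uid != os.geteuid():
        raise UnsafeBuildDir(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeBuildDir(f"{path} is group- or world-writable")
    return path


def fresh_build_dir():
    """Preferred form: unpredictable name, created with mode 0700."""
    return tempfile.mkdtemp(prefix="pip-build-")
```
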