From the oss-security thread at $URL: It was found that fabric, a simple Pythonic remote deployment tool, used insecure way for creation of temporary files, when uploading template text files and project files to a remote system. A local attacker could use this flaw to conduct symlink attacks to upload sensitive information to remote host or to overwrite certain local system files. References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629003 [2] https://bugzilla.redhat.com/show_bug.cgi?id=710462
Affected versions have been removed from the tree. Current version: dev-python/fabric-1.1.1 Best regards,
(In reply to comment #1) > Affected versions have been removed from the tree. > Current version: dev-python/fabric-1.1.1 > > Best regards, Great, thank you. Closing noglsa for ~arch package.