From ${URL} : Description A security issue has been reported in SciPy, which can be exploited by malicious, local users to potentially gain escalated privileges. The security issue is caused due to the "scipy.weave" component creating temporary directories in an insecure manner and can be exploited to e.g. place code that would be executed as the user running "scipy.weave". The security issue is reported in versions prior to 0.12.1. Solution: Update to version 0.12.1. Provided and/or discovered by: Florian Weimer, Red Hat Product Security Team Original Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=916690 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
*** Bug 487874 has been marked as a duplicate of this bug. ***
@arches please go ahead.
amd64 stable (by ago)
ppc stable
ppc64 stable
x86 stable. Maintainer(s), please cleanup
02 Nov 2013; Justin Lecher <jlec@gentoo.org> -scipy-0.9.0-r1.ebuild, + -scipy-0.12.0.ebuild: + Drop vulnerable versions, #488048 + security please proceed.
GLSA vote: no.
Thanks for your work GLSA vote: no Closing as noglsa