[Secure-testing-team] Bug#769482: /usr/bin/pip-3.2: pip 1.1 is insecure, unsupported and does not work with most of python3
Sam McLeod
samm at infoxchange.net.au
Thu Nov 13 22:12:55 UTC 2014
Package: python3-pip
Version: 1.1-3
Severity: serious
File: /usr/bin/pip-3.2
Tags: security
Justification: unknown
Dear Maintainer,
* What led up to the situation?
Tried to upgrade a python package using pip-3.2 (which is pip v1.1)
* What exactly did you do (or not do) that was effective (or
ineffective)?
pip install -U docker-forklift
* What was the outcome of this action?
Exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/pip/basecommand.py", line 104, in main
    status = self.run(options, args)
  File "/usr/lib/python3/dist-packages/pip/commands/install.py", line 245, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/usr/lib/python3/dist-packages/pip/req.py", line 1014, in prepare_files
    req_to_install.assert_source_matches_version()
  File "/usr/lib/python3/dist-packages/pip/req.py", line 359, in assert_source_matches_version
    version = self.installed_version
  File "/usr/lib/python3/dist-packages/pip/req.py", line 351, in installed_version
    return self.pkg_info()['version']
  File "/usr/lib/python3/dist-packages/pip/req.py", line 318, in pkg_info
    data = self.egg_info_data('PKG-INFO')
  File "/usr/lib/python3/dist-packages/pip/req.py", line 261, in egg_info_data
    data = fp.read()
  File "/usr/lib/python3.2/encodings/ascii.py", line 26, in decode
    return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 6265: ordinal not in range(128)
* What outcome did you expect instead?
docker-forklift to be upgraded
* Notes:
https://github.com/kennethreitz/requests/issues/2335
https://github.com/infoxchange/docker-forklift/issues/78
https://security-tracker.debian.org/tracker/CVE-2013-1629
-- System Information:
Debian Release: 7.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages python3-pip depends on:
ii python3 3.2.3-6
ii python3-pkg-resources 0.6.24-1
ii python3-setuptools 0.6.24-1
ii python3.2 3.2.3-7
Versions of packages python3-pip recommends:
ii build-essential 11.5
ii python3-dev 3.2.3-6
python3-pip suggests no packages.
-- no debconf information