[Sugar-devel] Malicious code in dateutil

Martin Abente martin.abente.lahaye at gmail.com
Thu Jan 23 17:54:07 EST 2020


*"The first is "python3-dateutil," which imitated the popular "dateutil"
library. The second is "jeIlyfish" (the first L is an I), which mimicked
the "jellyfish" library."*
If you read that carefully, it says these 2 libraries imitated the real
libraries. It does not say that the original libraries were compromised.

On Thu, Jan 23, 2020 at 7:50 PM Chihurumnaya Ibiam <
ibiamchihurumnaya at gmail.com> wrote:

> Dateutil has been found to contain malicious code; a GitHub search shows
> 10+ uses of dateutil in Sugar Labs repos.
>
> You can read more about it here:
>
> https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
>
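The distinction drawn in the reply above (look-alike names, not compromised originals) can be checked mechanically against a project's dependency list. The following is an added example, not part of the original thread or of any Sugar Labs code; the allowlist, the sample requirements and all function names are constructed for illustration.

```python
import re

# Constructed allowlist: the names this hypothetical project means to install.
KNOWN_GOOD = {"python-dateutil", "jellyfish", "requests"}
# Look-alike characters folded to one representative before comparing.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "O": "o", "0": "o"})

def normalize(name):
    """PEP 503 style: lower-case, runs of - _ . collapsed to one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()

def skeleton(name):
    return normalize(name.translate(CONFUSABLE))

def core(name):
    """Name with 'python'/'py' tokens (and version digits) dropped."""
    return "-".join(t for t in normalize(name).split("-")
                    if not re.fullmatch(r"(python|py)\d*", t))

def edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(name, known=KNOWN_GOOD):
    """Return (reason, imitated_name) for a look-alike name, else None."""
    if normalize(name) in {normalize(k) for k in known}:
        return None  # exactly an approved package
    for good in sorted(known):
        if skeleton(name) == skeleton(good):
            return ("confusable characters", good)
        if core(name) and core(name) == core(good):
            return ("prefix/version variation", good)
        if edit_distance(normalize(name), normalize(good)) == 1:
            return ("one edit away", good)
    return None

def scan(requirements_text):
    findings = []
    for line in requirements_text.splitlines():
        m = re.match(r"[A-Za-z0-9._-]+", line.split("#")[0].strip())
        hit = check(m.group()) if m else None
        if hit:
            findings.append((m.group(), *hit))
    return findings

SAMPLE = "python3-dateutil\njeIlyfish\nrequests>=2.0\njelyfish  # constructed\n"
print(scan(SAMPLE))
```

Case folding alone does not catch the second name: lower-casing "jeIlyfish" gives "jeilyfish", which is still a different string from "jellyfish", so the confusable-character fold is applied before comparison.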