[Sugar-devel] Malicious code in dateutil
bottersnike237 at gmail.com
Thu Jan 23 18:03:17 EST 2020
It’s worth noting this is specifically the typo-squatting “python3-dateutil” package, and not the very legitimate “dateutil” package. The former only lasted on PyPI for about 2 days, so it would be a surprise if it was somehow integrated into SL code within that timeframe.
From: Sugar-devel <sugar-devel-bounces at lists.sugarlabs.org> On Behalf Of Chihurumnaya Ibiam
Sent: 23 January 2020 22:50
To: Sugar-dev Devel <Sugar-devel at lists.sugarlabs.org>
Subject: [Sugar-devel] Malicious code in dateutil
Dateutil has been found to contain malicious code; a GitHub search shows 10+ uses of dateutil in Sugar Labs repos.
You can read more about it here:
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
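
The distinction drawn in this thread can be checked mechanically: a search for "dateutil" matches both names, so the audit has to compare normalized project names in dependency files. The following is an added example, not part of the original messages or of any Sugar Labs code; it assumes dependencies are declared in requirements.txt style, and relies on the fact that the legitimate project is published on PyPI as "python-dateutil". The sample input is constructed.

```python
import re

# "python3-dateutil" is the typo-squatting name given in the thread above.
# Assumption stated in the lead-in: the legitimate project is "python-dateutil" on PyPI.
TYPOSQUATS = {"python3-dateutil"}
LEGITIMATE = {"python-dateutil"}

_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(line):
    """Return the normalized project name from one requirements line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):  # blank, comment, or pip option (-r, -e, ...)
        return None
    match = _NAME.match(line)
    return normalize(match.group(1)) if match else None


def audit(requirements_text):
    """Return (line_number, raw_line, verdict) for each dateutil-related requirement."""
    findings = []
    for number, raw in enumerate(requirements_text.splitlines(), 1):
        name = requirement_name(raw)
        if name in TYPOSQUATS:
            findings.append((number, raw.strip(), "typosquat"))
        elif name in LEGITIMATE:
            findings.append((number, raw.strip(), "legitimate"))
    return findings


# Constructed sample input, not taken from any real repository.
SAMPLE = """\
# constructed example
requests>=2.0
python-dateutil==2.8.1
Python3_Dateutil  # spelling variant that normalizes to the typosquat name
-r extra.txt
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
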