[Sugar-devel] Malicious code in dateutil

bottersnike237 at gmail.com bottersnike237 at gmail.com
Thu Jan 23 18:03:17 EST 2020

Previous message (by thread): [Sugar-devel] Malicious code in dateutil
Next message (by thread): [Sugar-devel] Porting to python3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It’s worth noting this is specifically the typo-squatting “python3-dateutil” package, and not the very legitimate “dateutil” package. The former only lasted on PyPi for about 2 days, so it would be a surprise if it was somehow integrated into SL code within that timeframe.

From: Sugar-devel <sugar-devel-bounces at lists.sugarlabs.org> On Behalf Of Chihurumnaya Ibiam
Sent: 23 January 2020 22:50
To: Sugar-dev Devel <Sugar-devel at lists.sugarlabs.org>
Subject: [Sugar-devel] Malicious code in dateutil

Dateutil has been found to contain malicious code, a github search shows 10+ uses of dateutil in Sugar Labs repos.

You can read more about it here

https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/sugar-devel/attachments/20200123/13bbd644/attachment.html>

Previous message (by thread): [Sugar-devel] Malicious code in dateutil
Next message (by thread): [Sugar-devel] Porting to python3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Sugar-devel mailing list