Amathala eencwadi amathathu anekhowudi ekhohlakeleyo achongiwe kuluhlu lwePyPI (Python Package Index). Ngaphambi kokuba kuchongwe iingxaki kwaye zisuswe kwikhathalogu, iipakethe bezikhutshelwe phantse amaxesha angama-15 amawaka.
I-dpp-client (10194 downloads) kunye ne-dpp-client1234 (i-1536 downloads) iipakethe ziye zasasazwa ukususela ngoFebruwari kwaye zibandakanya ikhowudi yokuthumela imixholo yezinto eziguquguqukayo zendalo, umzekelo, zingabandakanya izitshixo zokufikelela, iithokheni okanye iiphasiwedi kwiinkqubo eziqhubekayo zokudibanisa. okanye iindawo zamafu ezifana ne-AWS. Impahla iphinde yathumela uluhlu oluqulathe imixholo ye "/home", "/mnt/mesos/" kunye ne "mnt/mesos/sandbox" abalawuli kumamkeli wangaphandle.
Iphakheji ye-aws-login0tool (ukukhutshelwa kwe-3042) yathunyelwa kwindawo yokugcina i-PyPI ngoDisemba 1 kwaye ifakwe ikhowudi yokukhuphela kunye nokuqhuba isicelo seTrojan ukuthatha ulawulo lwemikhosi eqhuba iWindows. Xa ukhetha igama lephakheji, ubalo lwenziwa kwinto yokuba izitshixo "0" kunye "-" zikufuphi kwaye kunokwenzeka ukuba umphuhlisi uya kuchwetheza "aws-login0tool" endaweni ye "aws-login-tool".
Iiphakheji eziyingxaki zichongiwe ngexesha lovavanyo olulula, apho inxalenye yeepakethe zePyPI (malunga nama-200 amawaka eepakethe ezingamawaka angama-330 kwindawo yokugcina) zakhutshelwa kusetyenziswa i-Bandersnatch utility, emva koko i-grep utility ichongiwe kwaye yahlalutya iipakethe ezazikho. ekhankanywe kwifayile ye setup.py "import urllib.request" umnxeba, oqhele ukusetyenziswa ukuthumela izicelo kumanginginya angaphandle.
umthombo: opennet.ru