A vulnerability has been discovered and corrected in python-setuptools/python-virtualenv: easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product . The updated python-setuptools packages has been upgraded to the 0.9.8 version and the python-virtualenv packages has been upgraded to the 1.10.1 version which is not vulnerable to this issue.