The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-pip": "1.5.4-1ubuntu4", "python-pip-whl": "1.5.4-1ubuntu4", "python3-pip": "1.5.4-1ubuntu4" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-pip": "8.1.1-2ubuntu0.4", "python-pip-whl": "8.1.1-2ubuntu0.4", "python3-pip": "8.1.1-2ubuntu0.4" } ] }