The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "python-pip", "binary_version": "1.5.4-1ubuntu4" }, { "binary_name": "python-pip-whl", "binary_version": "1.5.4-1ubuntu4" }, { "binary_name": "python3-pip", "binary_version": "1.5.4-1ubuntu4" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "python-pip", "binary_version": "8.1.1-2ubuntu0.4" }, { "binary_name": "python-pip-whl", "binary_version": "8.1.1-2ubuntu0.4" }, { "binary_name": "python3-pip", "binary_version": "8.1.1-2ubuntu0.4" } ] }