remove pystyle

[CSM-BlueRed]

pystyle has not been infected by wasp, and its a hacker that do this in pystyle, we removed the suspect line.

[bastienbournas]

Hi, what do you mean ? pystyle is referenced as malicious in the different articles about this:

• https://www.bleepingcomputer.com/news/security/dozens-of-pypi-packages-caught-dropping-w4sp-info-stealing-malware/
• https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
• https://thehackernews.com/2022/11/researchers-uncover-29-malicious-pypi.html

[CSM-BlueRed]

yeah i know, cause a hacker put a line with a module nammed _algoritmic (not the exact name) and we removed it, you can check the pypi logs

[bastienbournas]

Ok, so the package could still be vulnerable if people did not update ?

[CSM-BlueRed]

if people update pystyle, nothing happend, and if people doesnt update pystyle, nothing happend too

[bastienbournas]

So at some point in time there was a version of pystyle which had this vulnerability right ? I can add a specific case for version number, but I think the tool has to report something for pystyle if it was vulnerable

[CSM-BlueRed]

yes if you want