This security issue affects both 'python-pip' & 'python-virtualenv' packages in epel repository. If we update these packages in EPEL-6 to the latest upstream version 13.0.3or the one in F22 12.0.7, that'll fix both these issues.
@mhayden(cc'd here) has tested both these packages on the CentOS 6, and it does seem to work quite well with the existing packages.
If there is no objection to upgrading the 'python-pip' & 'python-virtualenv' packages in EPEL-6 repositories, to their latest(or F22) versions, I'd like to do that in the coming days.
Do you foresee any issues or regressions because of this upgrade? Please let us know if it could cause any trouble.
-P J P