drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in python-pillow
Name: |
Mehrere Probleme in python-pillow |
|
ID: |
FEDORA-2014-14883 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 20 |
|
Datum: |
So, 23. November 2014, 11:13 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3007 |
|
Applikationen: |
Pillow |
|
Originalnachricht |
Name : python-pillow Product : Fedora 20 Version : 2.2.1 Release : 7.fc20 URL : http://python-imaging.github.com/Pillow/ Summary : Python image processing library Description : Python image processing library, fork of the Python Imaging Library (PIL)
This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities.
There are five subpackages: tk (tk interface), qt (PIL image wrapper for Qt), sane (scanning devices interface), devel (development) and doc (documentation).
------------------------------------------------------------------------------- - Update Information:
Security fix for CVE-2014-3007, updated fix for CVE-2014-1932. Followup fix for CVE-2014-1933. ------------------------------------------------------------------------------- - ChangeLog:
* Wed Nov 12 2014 Sandro Mani <manisandro@gmail.com> - 2.2.1-7 - Fix CVE-2014-3007 (rhbz #1163343), update CVE-2014-1933 to fix one more mktemp usage * Mon Nov 10 2014 Sandro Mani <manisandro@gmail.com> - 2.2.1-6 - CVE-2014-1933 followup (https://github.com/python-pillow/Pillow/pull/605) * Sun Aug 17 2014 Sandro Mani <manisandro@gmail.com> - 2.2.1-5 - Fix CVE-2014-3589 (rhbz #1130712) * Tue Apr 22 2014 Sandro Mani <manisandro@gmail.com> - 2.2.1-4 - Fix CVE-2014-1933 (rhbz #1063660) * Thu Mar 13 2014 Jakub Dorňák <jdornak@redhat.com> - 2.2.1-3 - python-pillow does not provide python3-imaging (python3-pillow does) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1094101 - CVE-2014-3007 python-pillow, python-imaging: command injection issue https://bugzilla.redhat.com/show_bug.cgi?id=1094101 [ 2 ] Bug #1063658 - CVE-2014-1932 python-pillow, python-imaging: insecure temporary file creation https://bugzilla.redhat.com/show_bug.cgi?id=1063658 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update python-pillow' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|