Updated python-imaging and python-pillow packages fix security vulnerability
Publication date: 21 Nov 2014Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3007
Description
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters, due to an incomplete fix for CVE-2014-1932 (CVE-2014-3007).
References
SRPMS
3/core
- python-imaging-1.1.7-7.3.mga3
4/core
- python-pillow-2.2.1-0.6.mga4