Updated python-pygments packages fix security vulnerability
Publication date: 26 Nov 2015Modification date: 26 Nov 2015
Type: security
Affected Mageia releases : 5
Description
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which is invoked by ImageFormatter from options (rhbz#1276321).
References
SRPMS
5/core
- python-pygments-1.6-8.1.mga5