Updated python-imageio packages fix security vulnerability
Publication date: 01 Jul 2024Modification date: 01 Jul 2024
Type: security
Affected Mageia releases : 9
Description
imageio can attempt to download shared freeimage libraries from https://github.com/imageio/imageio-binaries/tree/master/freeimage. The code fetches straight from master and provides no way of verifying whether the correct file was fetched. As a result, if the repository is attacked in the future, all prior versions of imageio would be silently downloading arbitrary shared libraries and running them on user systems. This is a serious problem.
SRPMS
9/core
- python-imageio-2.22.4-1.1.mga9