Advisories » MGASA-2024-0244

Updated python-imageio packages fix security vulnerability

Publication date: 01 Jul 2024
Modification date: 01 Jul 2024
Type: security
Affected Mageia releases: 9

Description

imageio can attempt to download shared freeimage libraries from
https://github.com/imageio/imageio-binaries/tree/master/freeimage. The
code fetches straight from master and provides no way of verifying
whether the correct file was fetched. As a result, if the repository is
attacked in the future, all prior versions of imageio would be silently
downloading arbitrary shared libraries and running them on user systems.
This is a serious problem.
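
The check the description says is missing, sketched as an added example (not imageio's or Mageia's code): the downloaded bytes are compared against a SHA-256 digest pinned inside the package before the file reaches the path a loader would open. The names `install_verified`, `fetch` and `PINNED`, the file name and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

class DigestMismatch(Exception):
    """Downloaded bytes do not match the pinned SHA-256 digest."""

def install_verified(name, fetch, pinned, dest_dir):
    """Fetch `name`, verify it against `pinned`, then place it in dest_dir.

    fetch:  callable(name) -> bytes; hypothetical stand-in for the HTTP download.
    pinned: dict of file name -> expected SHA-256 hex digest, shipped inside
            the package so it is covered by the package's own integrity.
    """
    if name not in pinned:
        raise DigestMismatch(f"no pinned digest for {name!r}; refusing to fetch")
    data = fetch(name)
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, pinned[name]):
        raise DigestMismatch(f"{name}: expected {pinned[name]}, got {actual}")
    # Write to a temp file and rename, so a partial or rejected download
    # never sits at the path the loader would open.
    fd, tmp = tempfile.mkstemp(dir=dest_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    final = os.path.join(dest_dir, name)
    os.replace(tmp, final)
    return final

# Constructed sample data: stand-in bytes, not a real library.
GOOD = b"\x7fELF constructed stand-in for a shared library"
PINNED = {"libfreeimage-sample.so": hashlib.sha256(GOOD).hexdigest()}

def demo():
    """Return (accepted_file_exists, tampered_rejected, files_left_after_reject)."""
    name = "libfreeimage-sample.so"
    with tempfile.TemporaryDirectory() as ok_dir, tempfile.TemporaryDirectory() as bad_dir:
        path = install_verified(name, lambda n: GOOD, PINNED, ok_dir)
        accepted = os.path.isfile(path)
        try:
            install_verified(name, lambda n: GOOD + b"!", PINNED, bad_dir)
            rejected = False
        except DigestMismatch:
            rejected = True
        return accepted, rejected, os.listdir(bad_dir)

if __name__ == "__main__":
    print(demo())
```

Because the digest table travels with the package, a later change to the remote repository cannot alter what an already-installed version will accept.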
                

References

SRPMS

9/core