Upstream has released version 2.3.2 on August 13 to fix a security issue: https://pypi.python.org/pypi/Pillow/2.3.2 Philippe updated the package to version 2.3.2 in Cauldron. The upstream patch commit to fix this is here: https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d Patched packages uploaded for Mageia 3 (python-imaging) and Mageia 4 (python-pillow). Advisory: ======================== Updated python-imaging and python-pillow packages fix security vulnerabilities: The Python Imaging Library is vulnerable to a denial of service attack in the IcnsImagePlugin (CVE-2014-3589). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589 https://pypi.python.org/pypi/Pillow/2.3.2 ======================== Updated packages in core/updates_testing: ======================== python-imaging-1.1.7-7.2.mga3 python-imaging-devel-1.1.7-7.2.mga3 python-pillow-2.2.1-0.5.mga4 python-pillow-devel-2.2.1-0.5.mga4 python-pillow-doc-2.2.1-0.5.mga4 python-pillow-sane-2.2.1-0.5.mga4 python-pillow-tk-2.2.1-0.5.mga4 python-pillow-qt-2.2.1-0.5.mga4 python3-pillow-2.2.1-0.5.mga4 python3-pillow-devel-2.2.1-0.5.mga4 python3-pillow-doc-2.2.1-0.5.mga4 python3-pillow-sane-2.2.1-0.5.mga4 python3-pillow-tk-2.2.1-0.5.mga4 python3-pillow-qt-2.2.1-0.5.mga4 from SRPMS: python-imaging-1.1.7-7.2.mga3.src.rpm python-pillow-2.2.1-0.5.mga4.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=13075#c1
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Testing complete on Mageia 4 64bit.
CC: (none) => remiWhiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA4-64-OK
Testing complete mga3 32 Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure MGA4-64-OK => MGA3TOO has_procedure advisory MGA4-64-OK mga3-32-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0343.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/609186/