[SECURITY] Fedora 19 Update: python-pillow-2.0.0-16.gitd1c6db8.fc19

updates at fedoraproject.org updates at fedoraproject.org
Sat Nov 22 12:40:12 UTC 2014

Fedora Update Notification
2014-11-13 17:04:02

Name        : python-pillow
Product     : Fedora 19
Version     : 2.0.0
Release     : 16.gitd1c6db8.fc19
URL         : http://python-imaging.github.com/Pillow/
Summary     : Python image processing library
Description :
Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.

There are five subpackages: tk (tk interface), qt (PIL image wrapper for Qt),
sane (scanning devices interface), devel (development) and doc (documentation).

Update Information:

Security fix for CVE-2014-3007, updated fix for CVE-2014-1932.
Followup fix for CVE-2014-1933.

* Wed Nov 12 2014 Sandro Mani <manisandro at gmail.com> - 2.0.0-16.gitd1c6db8
- Fix CVE-2014-3007 (rhbz #1163343), update CVE-2014-1933 to fix one more mktemp usage
* Mon Nov 10 2014 Sandro Mani <manisandro at gmail.com> - 2.0.0-15.gitd1c6db8
- CVE-2014-1933 followup (https://github.com/python-pillow/Pillow/pull/605)
* Sun Aug 17 2014 Sandro Mani <manisandro at gmail.com> - 2.0.0-14.gitd1c6db8
- Fix CVE-2014-3589 (rhbz #1130712)
* Tue Apr 22 2014 Sandro Mani <manisandro at gmail.com> - 2.0.0-13.gitd1c6db8
- Fix CVE-2014-1933 (rhbz #1063660)
* Thu Mar 13 2014 Jakub Dorňák <jdornak at redhat.com> - 2.0.0-12.gitd1c6db8
- python-pillow does not provide python3-imaging
  (python3-pillow does)
* Wed Aug 28 2013 Sandro Mani <manisandro at gmail.com> - 2.0.0-11.gitd1c6db8
- Add patch to fix memory corruption caused by invalid palette size, see rhbz#1001122

  [ 1 ] Bug #1094101 - CVE-2014-3007 python-pillow, python-imaging: command injection issue
  [ 2 ] Bug #1063658 - CVE-2014-1932 python-pillow, python-imaging: insecure temporary file creation

This update can be installed with the "yum" update program.  Use
su -c 'yum update python-pillow' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list