PublicDateAtUSN: 2014-02-21
Candidate: CVE-2014-1933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
https://usn.ubuntu.com/usn/usn-2168-1
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python
Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the
names of temporary files on the command line, which makes it easier for
local users to conduct symlink attacks by listing the processes.
sarnold> See also CVE-2014-1932
mdeslaur> same patch as CVE-2014-1932
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
upstream_pillow: needed
devel_pillow: released (2.3.0-1ubuntu3)
Patches_python-imaging:
upstream: https://github.com/wiredfool/Pillow/commit/a549e77bd8219a75ac745dcecc09cb963b4032a6 (bp)
upstream: https://github.com/wiredfool/Pillow/commit/1e331e3e6a40141ca8eee4f5da9f74e895423b66
upstream_python-imaging: needed
lucid_python-imaging: released (1.1.7-1ubuntu0.2)
precise_python-imaging: released (1.1.7-4ubuntu0.12.04.1)
quantal_python-imaging: released (1.1.7-4ubuntu0.12.10.1)
saucy_python-imaging: released (1.1.7+2.0.0-1ubuntu1.1)
devel_python-imaging: DNE