CVE-2014-1933 (retired)

Priority
Description
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python
Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the
names of temporary files on the command line, which makes it easier for
local users to conduct symlink attacks by listing the processes.
Notes
 sarnold> See also CVE-2014-1932
 mdeslaur> same patch as CVE-2014-1932
Assigned-to
mdeslaur
Package
Upstream:needed
Ubuntu 14.04 LTS (Trusty Tahr):released (2.3.0-1ubuntu3)
More Information

Updated: 2019-03-26 12:12:48 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)