python-pillow has been updated to 2.7.0 to fix three security issues.
The following vulnerabilities have been fixed:
* CVE-2014-9601: Remote attackers could have caused a denial of service
via a compressed text chunk in a PNG image that has a large size when
it is decompressed.
* CVE-2014-3598: Remote attackers could have caused a denial of service
using specially crafted image files via Jpeg2KImagePlugin.
* CVE-2014-3589: Remote attackers could have caused a denial of service
using specially crafted image files via IcnsImagePlugin.
* CVE-2014-1932: A local user could have overwritten arbitrary files
and obtain sensitive information via a symlink attack on the
temporary file.
* CVE-2014-1933: A local user could have gained information helpful for
symlink attacks by listing process information which uses the names
of temporary files on the command line.
Security Issues:
* CVE-2014-9601
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601>
* CVE-2014-3598
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3598>
* CVE-2014-3589
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589>
* CVE-2014-1932
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932>
* CVE-2014-1933
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933>