* Jakub Wilk, 2014-01-29, 21:19:
There are other uses of tempfile.mktemp() in the PIL codebase. They
are most likely insecure too, but I haven't checked.
I have now checked the rest, and they are all insecure.
In PIL/EpsImagePlugin.py:
    file = tempfile.mktemp()
    # Build ghostscript co
Package: python-pil
Version: 2.2.1-3.1
Severity: important
Tags: security
PIL/JpegImagePlugin.py contains this code:
    def load_djpeg(self):
        # ALTERNATIVE: handle JPEGs via the IJG command line utilities
        import tempfile, os
        file = tempfile.mktemp()
        os.system("