Source: pillow
Severity: important
Tags: security
This was fixed upstream in 2.7.0 and was assigned CVE-2014-9601:
http://pillow.readthedocs.org/releasenotes/2.7.0.html#png-text-chunk-size-limits
Isolated fix is here:
https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
Cheers,
Moritz