Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bd81b685 by Moritz Muehlenhoff at 2022-01-10T11:35:16+01:00
pillow fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -88,15 +88,15 @@ CVE-2022-22819
CVE-2022-22818
RESERVED
CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of
arbitra ...)
- - pillow <unfixed>
+ - pillow 9.0.0-1
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
NOTE:
https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
(9.0.0)
CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer
over-read d ...)
- - pillow <unfixed>
+ - pillow 9.0.0-1
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
NOTE:
https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
(9.0.0)
CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly
initializes I ...)
- - pillow <unfixed>
+ - pillow 9.0.0-1
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
NOTE:
https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
(9.0.0)
CVE-2022-22814
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd81b685351374e7f4f1bbaa020f0c5c87b30136
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd81b685351374e7f4f1bbaa020f0c5c87b30136
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
