Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
305c952d by Salvatore Bonaccorso at 2022-02-14T08:06:15+01:00
Add followup for CVE-2022-22817
- - - - -
274379b2 by Salvatore Bonaccorso at 2022-02-14T08:06:40+01:00
Add CVE-2022-24303/pillow
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1686,6 +1686,10 @@ CVE-2022-24304
RESERVED
CVE-2022-24303
RESERVED
+ - pillow <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682
+ NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
+ NOTE:
https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
(9.0.1)
CVE-2022-24302
RESERVED
CVE-2022-24296
@@ -7182,6 +7186,7 @@ CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0
allows evaluation of a
- pillow 9.0.0-1
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
NOTE:
https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
(9.0.0)
+ NOTE: Fillowup in 9.0.1:
https://github.com/python-pillow/Pillow/commit/c930be0758ac02cf15a2b8d5409d50d443550581
CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer
over-read d ...)
{DSA-5053-1 DLA-2893-1}
- pillow 9.0.0-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23ffd3fb79b62d32e02be0446610c24b673fa274...274379b2f9a6a69b1669434dd857de9d34bdc96d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23ffd3fb79b62d32e02be0446610c24b673fa274...274379b2f9a6a69b1669434dd857de9d34bdc96d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
