Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eba70da9 by Salvatore Bonaccorso at 2024-01-19T22:26:58+01:00
Add CVE-2023-50447/pillow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -107,7 +107,12 @@ CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and 
before allows a remote a
 CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote 
attacker t ...)
        NOT-FOR-US: dom96 Jester
 CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code 
Executi ...)
-       TODO: check
+       - pillow <unfixed>
+       NOTE: https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
+       NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys
+       NOTE: 
https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
 (10.2.0)
+       NOTE: 
https://github.com/python-pillow/Pillow/commit/0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80
 (10.2.0)
+       NOTE: 
https://github.com/python-pillow/Pillow/commit/557ba59d13de919d04b3fd4cdef8634f7d4b3348
 (10.2.0)
 CVE-2023-50030 (In the module "Jms Setting" (jmssetting) from Joommasters for 
PrestaSh ...)
        NOT-FOR-US: PrestaShop module
 CVE-2023-50028 (In the module "Sliding cart block" (blockslidingcart) up to 
version 2. ...)
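
Review bot: the three upstream commit NOTEs under CVE-2023-50447 are all tagged (10.2.0) but none says what the commit does, so anyone preparing a backport has to open each link to find out which one carries the ImageMath.eval restriction and which are follow-ups. A short word after each hash would help. The `- pillow <unfixed>` line also has to be revisited once a 10.2.0-based upload is available, since the NOTEs already name that release as the fixed one.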



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eba70da9ba5517bddb5fed2a5b2d709799db820e
