Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7b754408 by Salvatore Bonaccorso at 2024-01-20T10:01:50+01:00
Add Debian bug reference for CVE-2023-50447/pillow
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -179,7 +179,7 @@ CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and
before allows a remote a
CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote
attacker t ...)
NOT-FOR-US: dom96 Jester
CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code
Executi ...)
- - pillow <unfixed>
+ - pillow <unfixed> (bug #1061172)
NOTE: https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys
NOTE:
https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
(10.2.0)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b7544082bc5c3a7f9223f3d19209059c8e12b4d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b7544082bc5c3a7f9223f3d19209059c8e12b4d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
