Bug#991293: pillow: CVE-2021-34552 - buffer overflow in Convert.c

2021-07-19 Thread Neil Williams
On Tue, 20 Jul 2021 06:36:44 +0100 Neil Williams wrote:
> This has been fixed upstream in version 8.3. The upstream fix can be
> backported to 8.1 in unstable.
>
> This is a tracking bug to ease migration of pillow into bullseye.
>
> I have an upload ready for unstable. Attaching the debdiff

Bug#991293: pillow: CVE-2021-34552 - buffer overflow in Convert.c

2021-07-19 Thread Neil Williams
Source: pillow
Version: 8.1.2+dfsg-0.2
Severity: grave
Tags: security
Justification: user security hole

https://security-tracker.debian.org/tracker/CVE-2021-34552

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly