[Git][security-tracker-team/security-tracker][master] 2 commits: Add followup for CVE-2022-22817

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 14 07:07:10 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
305c952d by Salvatore Bonaccorso at 2022-02-14T08:06:15+01:00
Add followup for CVE-2022-22817

- - - - -
274379b2 by Salvatore Bonaccorso at 2022-02-14T08:06:40+01:00
Add CVE-2022-24303/pillow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1686,6 +1686,10 @@ CVE-2022-24304
 	RESERVED
 CVE-2022-24303
 	RESERVED
+	- pillow <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
+	NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1)
 CVE-2022-24302
 	RESERVED
 CVE-2022-24296
@@ -7182,6 +7186,7 @@ CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of a
 	- pillow 9.0.0-1
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
 	NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0)
+	NOTE: Fillowup in 9.0.1: https://github.com/python-pillow/Pillow/commit/c930be0758ac02cf15a2b8d5409d50d443550581
 CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...)
 	{DSA-5053-1 DLA-2893-1}
 	- pillow 9.0.0-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23ffd3fb79b62d32e02be0446610c24b673fa274...274379b2f9a6a69b1669434dd857de9d34bdc96d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23ffd3fb79b62d32e02be0446610c24b673fa274...274379b2f9a6a69b1669434dd857de9d34bdc96d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220214/4e3c4051/attachment.htm>

More information about the debian-security-tracker-commits mailing list