[Git][security-tracker-team/security-tracker][master] Add CVE-2023-50447/pillow

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 19 21:31:13 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eba70da9 by Salvatore Bonaccorso at 2024-01-19T22:26:58+01:00
Add CVE-2023-50447/pillow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -107,7 +107,12 @@ CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote a
 CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote attacker t ...)
 	NOT-FOR-US: dom96 Jester
 CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...)
-	TODO: check
+	- pillow <unfixed>
+	NOTE: https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys
+	NOTE: https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a (10.2.0)
+	NOTE: https://github.com/python-pillow/Pillow/commit/0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80 (10.2.0)
+	NOTE: https://github.com/python-pillow/Pillow/commit/557ba59d13de919d04b3fd4cdef8634f7d4b3348 (10.2.0)
 CVE-2023-50030 (In the module "Jms Setting" (jmssetting) from Joommasters for PrestaSh ...)
 	NOT-FOR-US: PrestaShop module
 CVE-2023-50028 (In the module "Sliding cart block" (blockslidingcart) up to version 2. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eba70da9ba5517bddb5fed2a5b2d709799db820e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eba70da9ba5517bddb5fed2a5b2d709799db820e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240119/418ff517/attachment.htm>

More information about the debian-security-tracker-commits mailing list