[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-50447/pillow
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 20 09:02:26 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b754408 by Salvatore Bonaccorso at 2024-01-20T10:01:50+01:00
Add Debian bug reference for CVE-2023-50447/pillow
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -179,7 +179,7 @@ CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote a
CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote attacker t ...)
NOT-FOR-US: dom96 Jester
CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...)
- - pillow <unfixed>
+ - pillow <unfixed> (bug #1061172)
NOTE: https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys
NOTE: https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a (10.2.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b7544082bc5c3a7f9223f3d19209059c8e12b4d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b7544082bc5c3a7f9223f3d19209059c8e12b4d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240120/f56e9283/attachment.htm>
More information about the debian-security-tracker-commits
mailing list