[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-50447/pillow via unstable

Sat Jan 20 10:13:29 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97c3ae87 by Salvatore Bonaccorso at 2024-01-20T11:12:55+01:00
Track fixed version for CVE-2023-50447/pillow via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -179,7 +179,7 @@ CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote a
 CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote attacker t ...)
 	NOT-FOR-US: dom96 Jester
 CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...)
-	- pillow <unfixed> (bug #1061172)
+	- pillow 10.2.0-1 (bug #1061172)
 	NOTE: https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys
 	NOTE: https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a (10.2.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c3ae87e1a3de1a4a791091517cf7fd91b10400

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c3ae87e1a3de1a4a791091517cf7fd91b10400
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240120/cb56447f/attachment.htm>
