Univention Bugzilla – Bug 54366
pillow: Multiple issues (5.0)
Last modified: 2022-01-26 17:21:22 CET
New Debian pillow 5.4.1-2+deb10u3 fixes: This update addresses the following issues:
* improperly initializes ImagePath.Path in path_getbbox() in path.c (CVE-2022-22815)
* buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816)
* PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)
--- mirror/ftp/pool/main/p/pillow/pillow_5.4.1-2+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/pillow_5.4.1-2+deb10u3.dsc @@ -1,3 +1,7 @@ +5.4.1-2+deb10u3 [Thu, 20 Jan 2022 20:24:28 +0100] Moritz Mühlenhoff <jmm@debian.org>: + + * CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 + 5.4.1-2+deb10u2 [Wed, 22 Jul 2020 19:23:16 +0200] Moritz Mühlenhoff <jmm@debian.org>: * CVE-2020-11538 CVE-2020-10378 CVE-2020-10177 <http://piuparts.knut.univention.de/5.0-1/#5363587045836062021>
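Review bot: the added changelog entry for 5.4.1-2+deb10u3 lists only the three CVE identifiers on its `* CVE-2022-22815 CVE-2022-22816 CVE-2022-22817` line, so a reader of the .dsc cannot tell what was fixed without looking the numbers up; the bug description already has one-line summaries (ImagePath.Path initialization in path_getbbox(), the buffer over-read in the same function, and PIL.ImageMath.eval evaluating arbitrary expressions), and carrying those into the entry, one CVE per line, would keep the changelog self-explanatory and match the level of detail expected for a security update. Also, the trailing `<http://piuparts.knut.univention.de/...>` link has been run onto the end of the hunk by extraction; it belongs to the test results below, not to the diff.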
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-1] 1c307e69a3 Bug #54366: pillow 5.4.1-2+deb10u3
doc/errata/staging/pillow.yaml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x194>