Univention Bugzilla – Bug 57032
pillow: Multiple issues (5.0)
Last modified: 2024-02-07 12:10:20 CET
New Debian pillow 5.4.1-2+deb10u4 fixes:
This update addresses the following issue:

5.4.1-2+deb10u4 (Mon, 29 Jan 2024 11:10:33 -0800)
* Non-maintainer upload by the Debian LTS team.
* CVE-2023-50447: Prevent a potential arbitrary code execution vulnerability in the PIL.ImageMath.eval functionality.
* Re-enable running Pillow's own testsuite in debian/rules.
--- mirror/ftp/pool/main/p/pillow/pillow_5.4.1-2+deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-6/source/pillow_5.4.1-2+deb10u4.dsc @@ -1,3 +1,10 @@ +5.4.1-2+deb10u4 [Mon, 29 Jan 2024 11:10:33 -0800] Chris Lamb <lamby@debian.org>: + + * Non-maintainer upload by the Debian LTS team. + * CVE-2023-50447: Prevent a potential arbitrary code execution vulnerability + in the PIL.ImageMath.eval functionality. (Closes: #1061172) + * Re-enable running Pillow's own testsuite in debian/rules. + 5.4.1-2+deb10u3 [Thu, 20 Jan 2022 20:24:28 +0100] Moritz Mühlenhoff <jmm@debian.org>: * CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 <http://piuparts.knut.univention.de/5.0-6/#2489676383046209433>
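Review bot: the added CVE-2023-50447 entry in the 5.4.1-2+deb10u4 block says only that it will "Prevent a potential arbitrary code execution vulnerability" in PIL.ImageMath.eval, and does not name the patch that carries the fix or say what input to eval is now rejected. Naming the patch in that entry would let someone reading the erratum check the change against the CVE. The same upload also carries "Re-enable running Pillow's own testsuite in debian/rules", a build change bundled with the security fix. It is worth confirming from the build log that the tests actually ran and passed, since a re-enabled suite that fails or is silently skipped would not show up in this changelog diff.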
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-6] 158383e604 Bug #57032: pillow 5.4.1-2+deb10u4
 doc/errata/staging/pillow.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

[5.0-6] eb5b31117a Bug #57032: pillow 5.4.1-2+deb10u4
 doc/errata/staging/pillow.yaml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

[5.0-6] bbd8e656d5 Bug #57032: pillow 5.4.1-2+deb10u4
 doc/errata/staging/pillow.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x950>