python3-pillow: Fix CVE-2023-50447 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Rahul Janani Pandi <RahulJanani.Pandi@windriver.com>	2024-04-08 09:42:28 +0000
committer	Armin Kuster <akuster808@gmail.com>	2024-04-28 13:10:23 -0400
commit	717462f81159d00336733c62208b55db22ea1fdb (patch)
tree	40b6ac3e92c71505c35451e7a21417b90049a1bf /meta-python/recipes-devtools/python/python3-kconfiglib_14.1.0.bb
parent	0fffd4d4221461efd0d0600634af1f5dcbd846e4 (diff)
download	meta-openembedded-717462f81159d00336733c62208b55db22ea1fdb.tar.gz

python3-pillow: Fix CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). References: https://security-tracker.debian.org/tracker/CVE-2023-50447 https://github.com/python-pillow/Pillow/blob/10.2.0/CHANGES.rst Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-kconfiglib_14.1.0.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: