diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-14 08:06:15 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-14 08:06:15 +0100 |
commit | 6259d9b2b3f4d2f991d5d8bbe355927f92fe10ca (patch) | |
tree | bd7bff4fdd2b6908aec9a2948f5d19f8e45d5a41 /data | |
parent | 2ae2170cdbcdf7ecf4f16fe538848401aea7f4c4 (diff) |
Add followup for CVE-2022-22817
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2022 | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index b8121a04d5..e095c31bc7 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -5903,6 +5903,7 @@ CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of a - pillow 9.0.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0) + NOTE: Fillowup in 9.0.1: https://github.com/python-pillow/Pillow/commit/c930be0758ac02cf15a2b8d5409d50d443550581 CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...) {DSA-5053-1 DLA-2893-1} - pillow 9.0.0-1 |