mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 17:59:59 +00:00
Code Issues Projects Releases Wiki Activity

python3-pillow: Fix CVE-2023-50447

Browse Source 
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code
Execution via the environment parameter, a different vulnerability
than CVE-2022-22817 (which was about the expression parameter).

References:
https://security-tracker.debian.org/tracker/CVE-2023-50447
https://github.com/python-pillow/Pillow/blob/10.2.0/CHANGES.rst

Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Rahul Janani Pandi
2024-04-08 09:42:28 +00:00
committed by Armin Kuster
parent 0fffd4d422
commit 717462f811
5 changed files with 186 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
+4
View File
@@ -10,6 +10,10 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https
file://0001-explicitly-set-compile-options.patch \
file://run-ptest \
file://CVE-2023-44271.patch \
file://CVE-2023-50447-1.patch \
file://CVE-2023-50447-2.patch \
file://CVE-2023-50447-3.patch \
file://CVE-2023-50447-4.patch \
"
SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"