Updated python-pillow packages fix a security vulnerability
Publication date: 30 Jan 2024Modification date: 30 Jan 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-50447
Description
This update fixes the following security issue: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter This is a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
References
SRPMS
9/core
- python-pillow-9.2.0-3.1.mga9