The Pillow people reused a CVE that was fixed in 9.0.0 in 9.0.1. Popping it out to its own tracker for both bugs.