Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 832599 (CVE-2022-22817)

Summary: [Tracker] PIL.ImageMath.eval arbitrary expression evaluation
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---
Bug Depends on: 830934, 832598    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-03 04:09:47 UTC
The Pillow people reused a CVE that was fixed in 9.0.0 in 9.0.1. Popping it out to its own tracker for both bugs.