-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-a1bc7decc9 2022-02-04 01:19:29.204462 --------------------------------------------------------------------------------
Name : python-pillow Product : Fedora 35 Version : 8.3.2 Release : 2.fc35 URL : http://python-pillow.github.io/ Summary : Python image processing library Description : Python image processing library, fork of the Python Imaging Library (PIL)
This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities.
There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (development) and doc (documentation).
-------------------------------------------------------------------------------- Update Information:
Backport fixes for CVE-2022-{22815,22816,22817}. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 25 2022 Sandro Mani manisandro@gmail.com - 8.3.2-2 - Backport patches for CVE-2022-{22815,22816,22817} -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2042512 - CVE-2022-22815 mingw-python-pillow: python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042512 [ 2 ] Bug #2042513 - CVE-2022-22815 python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042513 [ 3 ] Bug #2042523 - CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042523 [ 4 ] Bug #2042524 - CVE-2022-22816 mingw-python-pillow: python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042524 [ 5 ] Bug #2042528 - CVE-2022-22817 mingw-python-pillow: python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042528 [ 6 ] Bug #2042530 - CVE-2022-22817 python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042530 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-a1bc7decc9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org