python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-13 10:46:16 +03:00
Code Issues Packages Projects Releases Wiki Activity

Corrected CVEs being split into heading and text

Browse Source
This commit is contained in:
Andrew Murray 2024-03-17 18:16:52 +11:00
parent 5208712b49
commit 5fd4ad4aa0
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/releasenotes/9.0.0.rst
View File

@ -51,10 +51,11 @@ will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This
help prevent problems arising if users evaluate arbitrary expressions, such as help prevent problems arising if users evaluate arbitrary expressions, such as
``ImageMath.eval("exec(exit())")``. ``ImageMath.eval("exec(exit())")``.
:cve:`2022-22815`: ImagePath.Path array handling :cve:`2022-22815`, :cve:`2022-22816`: ImagePath.Path array handling
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
(:cwe:`126`) and :cve:`2022-22816` (:cwe:`665`) were found when initializing ``ImagePath.Path``. :cve:`2022-22815` (:cwe:`126`) and :cve:`2022-22816` (:cwe:`665`) were found when
initializing ``ImagePath.Path``.
.. _OSS-Fuzz: https://github.com/google/oss-fuzz .. _OSS-Fuzz: https://github.com/google/oss-fuzz