There are 3 open security issues in bullseye.
2 issues left for the package maintainer to handle:
- CVE-2021-23437:
(needs triaging)
The package pillow from 5.2.0 and before 8.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
- CVE-2022-45198:
(needs triaging)
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
You can find information about how to handle these issues in the security team's documentation.
1 ignored issue:
- CVE-2022-24303:
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.