https://bugzilla.redhat.com/show_bug.cgi?id=2052682
Bug ID: 2052682
Summary: CVE-2022-24303 python-pillow: temporary directory with a space character allows removal of unrelated file after im.show() and related action
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: gsuckevi@redhat.com
CC: bdettelb@redhat.com, cstratak@redhat.com, epel-packagers-sig@lists.fedoraproject.org, infra-sig@lists.fedoraproject.org, manisandro@gmail.com, miminar@redhat.com, orion@nwra.com, python-maint@redhat.com, python-sig@lists.fedoraproject.org, torsava@redhat.com
Target Milestone: ---
Classification: Other
If the path to the temporary directory on Linux or macOS contained a space, this would break removal of the temporary image file after im.show() (and related actions), and could potentially remove an unrelated file instead. This has been present since PIL.
Reference: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html
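The bug class described above, as an added illustration that is not Pillow's code and not taken from the report: a cleanup command is built by pasting a file path into a shell command string, so a space in the temporary directory splits the path into several words and the shell deletes something other than the intended file. The helper names, the constructed "tmp dir " directory prefix and the use of shlex.split() to mimic /bin/sh word splitting are all assumptions of this example; the hardened variants quote the path or avoid the shell entirely.

```python
"""Added example (not Pillow's code): why an unquoted path with a space breaks a
shell-based cleanup, and two safe alternatives. Assumes a POSIX system with rm."""
from __future__ import annotations

import os
import shlex
import subprocess
import tempfile


def build_cleanup_unquoted(path: str) -> str:
    # Vulnerable pattern: the path is interpolated into the command verbatim.
    # A space in `path` becomes a word boundary for the shell.
    return f"rm -f {path}"


def build_cleanup_quoted(path: str) -> str:
    # Hardened pattern: shlex.quote() wraps the path so the shell sees one word.
    return f"rm -f {shlex.quote(path)}"


def shell_words(command: str) -> list[str]:
    # What /bin/sh would pass as argv for this command (computed, not executed).
    return shlex.split(command)


def remove_without_shell(path: str) -> bool:
    # Safest pattern: no shell at all. Each list element is exactly one argv
    # entry, whatever characters the path contains.
    subprocess.run(["rm", "-f", path], check=True)
    return not os.path.exists(path)


def demo() -> dict:
    # Constructed temporary directory whose name contains a space, like the
    # report's scenario; the file inside stands in for the preview image.
    with tempfile.TemporaryDirectory(prefix="tmp dir ") as tmpdir:
        target = os.path.join(tmpdir, "preview.png")
        with open(target, "wb") as fh:
            fh.write(b"constructed placeholder, not a real PNG")

        unquoted_argv = shell_words(build_cleanup_unquoted(target))
        quoted_argv = shell_words(build_cleanup_quoted(target))
        # Only the shell-free form is executed here; the unquoted command is
        # shown, not run, because its argv no longer names the right file.
        removed = remove_without_shell(target)

    return {
        "target": target,
        "unquoted_argv": unquoted_argv,  # path split across several words
        "quoted_argv": quoted_argv,      # path preserved as a single word
        "removed": removed,
    }


if __name__ == "__main__":
    result = demo()
    print("target:       ", result["target"])
    print("unquoted argv:", result["unquoted_argv"])
    print("quoted argv:  ", result["quoted_argv"])
    print("removed safely:", result["removed"])
```

Running the block prints the two argv lists side by side: in the unquoted form the intended file never appears as an argument, which is exactly why the temporary image is left behind and a differently named file can be deleted in its place. A code review check for this class of defect is to look for f-strings or concatenation feeding os.system() or shell=True and replace them with an argument list.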