Source: pillow
Version: 8.1.2+dfsg-0.2
Severity: grave
Tags: security
Justification: user security hole

https://security-tracker.debian.org/tracker/CVE-2021-34552

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

This has been fixed upstream in version 8.3. The upstream fix can be backported to 8.1 in unstable.

This is a tracking bug to ease migration of pillow into bullseye. I have an upload ready for unstable.

--
Neil Williams