ASA-202107-26 log generated external raw

[ASA-202107-26] python-pillow: arbitrary code execution
Arch Linux Security Advisory ASA-202107-26 ========================================== Severity: Medium Date : 2021-07-14 CVE-ID : CVE-2021-34552 Package : python-pillow Type : arbitrary code execution Remote : Yes Link : Summary ======= The package python-pillow before version 8.3.0-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 8.3.0-1. # pacman -Syu "python-pillow>=8.3.0-1" The problem has been fixed upstream in version 8.3.0. Workaround ========== None. Description =========== Pillow through 8.2.0 allows an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. Impact ====== Converting a crafted image file could lead to arbitrary code execution. References ==========