ALAS2-2023-2118

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. (CVE-2021-23437)

aarch64:
    python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.7.aarch64
    python-pillow-devel-2.0.0-23.gitd1c6db8.amzn2.0.7.aarch64
    python-pillow-doc-2.0.0-23.gitd1c6db8.amzn2.0.7.aarch64
    python-pillow-sane-2.0.0-23.gitd1c6db8.amzn2.0.7.aarch64
    python-pillow-tk-2.0.0-23.gitd1c6db8.amzn2.0.7.aarch64
    python-pillow-debuginfo-2.0.0-23.gitd1c6db8.amzn2.0.7.aarch64

i686:
    python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.7.i686
    python-pillow-devel-2.0.0-23.gitd1c6db8.amzn2.0.7.i686
    python-pillow-doc-2.0.0-23.gitd1c6db8.amzn2.0.7.i686
    python-pillow-sane-2.0.0-23.gitd1c6db8.amzn2.0.7.i686
    python-pillow-tk-2.0.0-23.gitd1c6db8.amzn2.0.7.i686
    python-pillow-debuginfo-2.0.0-23.gitd1c6db8.amzn2.0.7.i686

src:
    python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.7.src

x86_64:
    python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.7.x86_64
    python-pillow-devel-2.0.0-23.gitd1c6db8.amzn2.0.7.x86_64
    python-pillow-doc-2.0.0-23.gitd1c6db8.amzn2.0.7.x86_64
    python-pillow-sane-2.0.0-23.gitd1c6db8.amzn2.0.7.x86_64
    python-pillow-tk-2.0.0-23.gitd1c6db8.amzn2.0.7.x86_64
    python-pillow-debuginfo-2.0.0-23.gitd1c6db8.amzn2.0.7.x86_64