[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25
From: |
Maxim Cournoyer |
Subject: |
bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293 |
Date: |
Wed, 23 Mar 2022 12:13:32 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Maxime Devos <maximedevos@telenet.be> writes:
> Maxim Cournoyer schreef op di 22-03-2022 om 22:57 [-0400]:
>> Léo Le Bouter <lle-bout@zaclys.net> writes:
>>
>> > Hello!
>> >
>> > pillow-simd is a fork of pillow (
>> > https://github.com/uploadcare/pillow-simd), it's currently still at
>> > version 7.x and it does not seem like it backports security patches
>> > from pillow.
>>
>> Thanks for the heads-up; our package is currently at 9.0.0, and I've
>> just updated it to 9.0.0.post1.
>
> Something went wrong
> <https://git.savannah.gnu.org/cgit/guix.git/commit/?id=4a828263791ebb8ed8f8104e015a8f467008fc76>:
> the version in the version field contains a "v" prefix which is dropped
> in Guix.
> Additionally, the package name is missing from the commit message,
> though that cannot be corrected retroactively.
Hum, apologies, it must have been late :-).
> WDYT of removing the "v", and changing the "commit" field to
>
> (commit (string-append "v" version))
>
I see that Nicholas has already fixed it; thank you!
Maxim