GNU bug report logs - #47259
python-pillow-simd package vulnerable to at least CVE-2021-25293

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Fri, 19 Mar 2021 10:38:02 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #12 received at 47259-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Léo Le Bouter <lle-bout <at> zaclys.net>
Cc: 47259-done <at> debbugs.gnu.org
Subject: Re: bug#47259: python-pillow-simd package vulnerable to at least
 CVE-2021-25293
Date: Tue, 22 Mar 2022 22:57:55 -0400

Hi Léo,

Léo Le Bouter <lle-bout <at> zaclys.net> writes:

> Hello!
>
> pillow-simd is a fork of pillow (
> https://github.com/uploadcare/pillow-simd), it's currently still at
> version 7.x and it does not seem like it backports security patches
> from pillow.

Thanks for the heads-up; our package is currently at 9.0.0, and I've
just updated it to 9.0.0.post1.

Closing.

Maxim

This bug report was last modified 3 years and 117 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47259 python-pillow-simd package vulnerable to at least CVE-2021-25293

GNU bug report logs - #47259
python-pillow-simd package vulnerable to at least CVE-2021-25293