GNU bug report logs - #47259
python-pillow-simd package vulnerable to at least CVE-2021-25293

Package: guix

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Fri, 19 Mar 2021 10:38:02 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.


From: Léo Le Bouter <lle-bout <at> zaclys.net>
To: 47259 <at> debbugs.gnu.org
Subject: bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293
Date: Fri, 19 Mar 2021 11:37:09 +0100
Hello!

pillow-simd is a fork of pillow
(https://github.com/uploadcare/pillow-simd), it's currently still at
version 7.x and it does not seem like it backports security patches
from pillow.

$ ./pre-inst-env guix refresh -l python-pillow-simd
No dependents other than itself: python-pillow-simd@7.1.2

Do we remove it? Do we want to commit to backporting/applying all fixes
from python-pillow back in python-pillow-simd ourselves (I don't)?

Léo

This bug report was last modified 3 years and 117 days ago.
