bug#22858: Patch security vulnerability in python-pillow

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22858: Patch security vulnerability in python-pillow

From:	Christopher Allan Webber
Subject:	bug#22858: Patch security vulnerability in python-pillow
Date:	Mon, 29 Feb 2016 15:04:04 -0800
User-agent:	mu4e 0.9.13; emacs 24.5.1

Christopher Allan Webber writes:

> Leo Famulari writes:
>
>>> I'm trying to figure out where the patches for this are, but I can't
>>> find them.  I expected them to maybe be here, but I don't see them here:
>>
>> I updated python-pillow to 3.1.1 with 16095d2729, fixing these issues.
>>
>> When I did that, CVE-2016-2533 wasn't named yet, but my understanding is
>> that the update does address it:
>> https://github.com/python-pillow/Pillow/commits/e5324bd3b4195d68d4a066b16d912fca30d3c4be
>>
>> Python2-pil *is* vulnerable. However, it seems to have no users in our
>> source tree. Should we remove it?
>
> I think so.  Here's a patch to remove it.  Look good?  (Not sure if this
> needs a review or not :))
>
>  - Chris

Leo gave me some comments on the description on IRC, so I changed those
and pushed!

[Prev in Thread]

Current Thread

[Next in Thread]

bug#22858: Patch security vulnerability in python-pillow, Christopher Allan Webber, 2016/02/29
- bug#22858: Patch security vulnerability in python-pillow, Leo Famulari, 2016/02/29
  - bug#22858: Patch security vulnerability in python-pillow, Christopher Allan Webber, 2016/02/29
    - bug#22858: Patch security vulnerability in python-pillow, Christopher Allan Webber <=

Prev by Date: bug#22858: Patch security vulnerability in python-pillow
Next by Date: bug#22139: Indirect dependencies are not grafted
Previous by thread: bug#22858: Patch security vulnerability in python-pillow
Index(es):
- Date
- Thread