--- Begin Message ---
|
Subject: |
python-pillow-simd package vulnerable to at least CVE-2021-25293 |
|
Date: |
Fri, 19 Mar 2021 11:37:09 +0100 |
|
User-agent: |
Evolution 3.34.2 |
Hello!
pillow-simd is a fork of pillow (
https://github.com/uploadcare/pillow-simd), it's currently still at
version 7.x and it does not seem like it backports security patches
from pillow.
$ ./pre-inst-env guix refresh -l python-pillow-simd
No dependents other than itself: python-pillow-simd@7.1.2
Do we remove it? Do we want to commit to backporting/applying all fixes
from python-pillow back in python-pillow-simd ourselves (I don't)?
Léo
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293 |
|
Date: |
Tue, 22 Mar 2022 22:57:55 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi Léo,
Léo Le Bouter <lle-bout@zaclys.net> writes:
> Hello!
>
> pillow-simd is a fork of pillow (
> https://github.com/uploadcare/pillow-simd), it's currently still at
> version 7.x and it does not seem like it backports security patches
> from pillow.
Thanks for the heads-up; our package is currently at 9.0.0, and I've
just updated it to 9.0.0.post1.
Closing.
Maxim
--- End Message ---