* [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 8.3.2
@ 2021-09-13 20:51 Fabrice Fontaine
  2021-09-14  6:12 ` Peter Korsgaard
  2021-09-14 13:00 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2021-09-13 20:51 UTC
  To: buildroot
  Cc: Angelo Compagnucci, Fabrice Fontaine, Thomas Petazzoni, Asaf Kahlon

- Fix CVE-2021-23437 Raise ValueError if color specifier is too long
- Fix 6-byte OOB read in FliDecode
- Update indentation in hash file (two spaces)

https://github.com/python-pillow/Pillow/releases/tag/8.3.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/python-pillow/python-pillow.hash | 7 ++++---
 package/python-pillow/python-pillow.mk   | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash
index fb1ec53a00..3b5bdf2535 100644
--- a/package/python-pillow/python-pillow.hash
+++ b/package/python-pillow/python-pillow.hash
@@ -1,5 +1,6 @@
 # md5, sha256 from https://pypi.org/pypi/pillow/json
-md5  e42fc66e41b5309436a573af49cec47c  Pillow-8.3.1.tar.gz
-sha256	2cac53839bfc5cece8fdbe7f084d5e3ee61e1303cccc86511d351adcb9e2c792  Pillow-8.3.1.tar.gz
+md5  a7fc550b80819eab11e01cc097913700  Pillow-8.3.2.tar.gz
+sha256  dde3f3ed8d00c72631bc19cbfff8ad3b6215062a5eed402381ad365f82f0c18c  Pillow-8.3.2.tar.gz
+
 # Locally computed sha256 checksums
-sha256	5bb11d96b393a698df70018069a986248021f286344c437a13f299c3daf1dfd4  LICENSE
+sha256  5bb11d96b393a698df70018069a986248021f286344c437a13f299c3daf1dfd4  LICENSE
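
Review bot: the two new Pillow-8.3.2.tar.gz lines take both digests from https://pypi.org/pypi/pillow/json (per the comment at the top of the hunk), so they are upstream-published values and nothing in this hunk shows they were checked against a locally downloaded archive. Consider noting in the commit message that the tarball was fetched and its sha256 matched. The md5 line adds no assurance beyond the sha256 beside it. The LICENSE line changes only its separator (tab to two spaces) and keeps the same digest, which is consistent with the "Update indentation in hash file" bullet and shows the license text did not change in this bump.
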
diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk
index a55a937c11..168c9d632c 100644
--- a/package/python-pillow/python-pillow.mk
+++ b/package/python-pillow/python-pillow.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-PYTHON_PILLOW_VERSION = 8.3.1
-PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/8f/7d/1e9c2d8989c209edfd10f878da1af956059a1caab498e5bc34fa11b83f71
+PYTHON_PILLOW_VERSION = 8.3.2
+PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/90/d4/a7c9b6c5d176654aa3dbccbfd0be4fd3a263355dc24122a5f1937bdc2689
 PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz
 PYTHON_PILLOW_LICENSE = HPND
 PYTHON_PILLOW_LICENSE_FILES = LICENSE
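
Review bot: PYTHON_PILLOW_SITE is edited by hand to a new opaque packages/90/d4/... directory next to the version bump, and nothing in this hunk ties that path to 8.3.2, so a mismatch between the two lines would only surface as a download or hash failure at build time. Worth confirming the path against the PyPI file entry for Pillow-8.3.2.tar.gz; the sha256 in python-pillow.hash is what actually pins the content. Separately, the commit message gives a CVE identifier for only the first of its two fixes, so the FliDecode OOB read is documented by the release link alone; a short pointer in the message to the upstream changelog entry for it would help anyone auditing older branches.
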
-- 
2.33.0

_______________________________________________
buildroot mailing list
buildroot@lists.buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

* Re: [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 8.3.2
  2021-09-13 20:51 [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 8.3.2 Fabrice Fontaine
@ 2021-09-14  6:12 ` Peter Korsgaard
  2021-09-14 13:00 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-09-14  6:12 UTC
  To: Fabrice Fontaine
  Cc: Angelo Compagnucci, Asaf Kahlon, Thomas Petazzoni, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix CVE-2021-23437 Raise ValueError if color specifier is too long
 > - Fix 6-byte OOB read in FliDecode
 > - Update indentation in hash file (two spaces)

 > https://github.com/python-pillow/Pillow/releases/tag/8.3.2

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

* Re: [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 8.3.2
  2021-09-13 20:51 [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 8.3.2 Fabrice Fontaine
  2021-09-14  6:12 ` Peter Korsgaard
@ 2021-09-14 13:00 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-09-14 13:00 UTC
  To: Fabrice Fontaine
  Cc: Angelo Compagnucci, Asaf Kahlon, Thomas Petazzoni, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix CVE-2021-23437 Raise ValueError if color specifier is too long
 > - Fix 6-byte OOB read in FliDecode
 > - Update indentation in hash file (two spaces)

 > https://github.com/python-pillow/Pillow/releases/tag/8.3.2

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard