* [Buildroot] [git commit branch/2021.05.x] package/python-pillow: security bump to version 8.3.2
@ 2021-09-14 13:00 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2021-09-14 13:00 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=9744b1f03050f06d0c8738852c9cd6716be9130b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.05.x
- Fix CVE-2021-23437 Raise ValueError if color specifier is too long
- Fix 6-byte OOB read in FliDecode
- Update indentation in hash file (two spaces)
https://github.com/python-pillow/Pillow/releases/tag/8.3.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a7919e68a60c6055bb2a729b5aeb6d47e7bbe924)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python-pillow/python-pillow.hash | 7 ++++---
package/python-pillow/python-pillow.mk | 4 ++--
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash
index fb1ec53a00..3b5bdf2535 100644
--- a/package/python-pillow/python-pillow.hash
+++ b/package/python-pillow/python-pillow.hash
@@ -1,5 +1,6 @@
# md5, sha256 from https://pypi.org/pypi/pillow/json
-md5 e42fc66e41b5309436a573af49cec47c Pillow-8.3.1.tar.gz
-sha256 2cac53839bfc5cece8fdbe7f084d5e3ee61e1303cccc86511d351adcb9e2c792 Pillow-8.3.1.tar.gz
+md5 a7fc550b80819eab11e01cc097913700 Pillow-8.3.2.tar.gz
+sha256 dde3f3ed8d00c72631bc19cbfff8ad3b6215062a5eed402381ad365f82f0c18c Pillow-8.3.2.tar.gz
+
# Locally computed sha256 checksums
-sha256 5bb11d96b393a698df70018069a986248021f286344c437a13f299c3daf1dfd4 LICENSE
+sha256 5bb11d96b393a698df70018069a986248021f286344c437a13f299c3daf1dfd4 LICENSE
diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk
index a55a937c11..168c9d632c 100644
--- a/package/python-pillow/python-pillow.mk
+++ b/package/python-pillow/python-pillow.mk
@@ -4,8 +4,8 @@
#
################################################################################
-PYTHON_PILLOW_VERSION = 8.3.1
-PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/8f/7d/1e9c2d8989c209edfd10f878da1af956059a1caab498e5bc34fa11b83f71
+PYTHON_PILLOW_VERSION = 8.3.2
+PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/90/d4/a7c9b6c5d176654aa3dbccbfd0be4fd3a263355dc24122a5f1937bdc2689
PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz
PYTHON_PILLOW_LICENSE = HPND
PYTHON_PILLOW_LICENSE_FILES = LICENSE
_______________________________________________
buildroot mailing list
buildroot@lists.buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-09-14 13:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-14 13:00 [Buildroot] [git commit branch/2021.05.x] package/python-pillow: security bump to version 8.3.2 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.