* [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 9.1.1
@ 2022-06-13 21:14 Fabrice Fontaine
2022-07-16 15:41 ` Yann E. MORIN
0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2022-06-13 21:14 UTC (permalink / raw)
To: buildroot; +Cc: Angelo Compagnucci, Fabrice Fontaine, Asaf Kahlon
This release addresses several security problems including
CVE-2022-30595.
https://github.com/python-pillow/Pillow/releases/tag/9.1.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/python-pillow/python-pillow.hash | 4 ++--
package/python-pillow/python-pillow.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash
index 2e259c1caf..ff23ed6299 100644
--- a/package/python-pillow/python-pillow.hash
+++ b/package/python-pillow/python-pillow.hash
@@ -1,6 +1,6 @@
# md5, sha256 from https://pypi.org/pypi/pillow/json
-md5 a9ebd39b3482993474872757d317e26f Pillow-9.1.0.tar.gz
-sha256 f401ed2bbb155e1ade150ccc63db1a4f6c1909d3d378f7d1235a44e90d75fb97 Pillow-9.1.0.tar.gz
+md5 f0d347298e72b403fbc3198677f394bb Pillow-9.1.1.tar.gz
+sha256 7502539939b53d7565f3d11d87c78e7ec900d3c72945d4ee0e2f250d598309a0 Pillow-9.1.1.tar.gz
# Locally computed sha256 checksums
sha256 a6554cb737ba6c9b47d3301f78de03b4ed0d3f08d6cf9400714f3d4c894f6943 LICENSE
diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk
index 2abe5e04ef..8c9cb86863 100644
--- a/package/python-pillow/python-pillow.mk
+++ b/package/python-pillow/python-pillow.mk
@@ -4,8 +4,8 @@
#
################################################################################
-PYTHON_PILLOW_VERSION = 9.1.0
-PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/4b/83/090146d7871d90a2643d469c319c1d014e41b315ab5cf0f8b4b6a764ef31
+PYTHON_PILLOW_VERSION = 9.1.1
+PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/43/6e/59853546226ee6200f9ba6e574d11604b60ad0754d2cbd1c8f3246b70418
PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz
PYTHON_PILLOW_LICENSE = HPND
PYTHON_PILLOW_LICENSE_FILES = LICENSE
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 9.1.1
2022-06-13 21:14 [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 9.1.1 Fabrice Fontaine
@ 2022-07-16 15:41 ` Yann E. MORIN
0 siblings, 0 replies; 2+ messages in thread
From: Yann E. MORIN @ 2022-07-16 15:41 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Angelo Compagnucci, Asaf Kahlon, buildroot
Fabrice, All,
On 2022-06-13 23:14 +0200, Fabrice Fontaine spake thusly:
> This release addresses several security problems including
> CVE-2022-30595.
>
> https://github.com/python-pillow/Pillow/releases/tag/9.1.1
Thanks for the reference, but Peter applied a later patch.
Regards,
Yann E. MORIN.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/python-pillow/python-pillow.hash | 4 ++--
> package/python-pillow/python-pillow.mk | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash
> index 2e259c1caf..ff23ed6299 100644
> --- a/package/python-pillow/python-pillow.hash
> +++ b/package/python-pillow/python-pillow.hash
> @@ -1,6 +1,6 @@
> # md5, sha256 from https://pypi.org/pypi/pillow/json
> -md5 a9ebd39b3482993474872757d317e26f Pillow-9.1.0.tar.gz
> -sha256 f401ed2bbb155e1ade150ccc63db1a4f6c1909d3d378f7d1235a44e90d75fb97 Pillow-9.1.0.tar.gz
> +md5 f0d347298e72b403fbc3198677f394bb Pillow-9.1.1.tar.gz
> +sha256 7502539939b53d7565f3d11d87c78e7ec900d3c72945d4ee0e2f250d598309a0 Pillow-9.1.1.tar.gz
>
> # Locally computed sha256 checksums
> sha256 a6554cb737ba6c9b47d3301f78de03b4ed0d3f08d6cf9400714f3d4c894f6943 LICENSE
> diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk
> index 2abe5e04ef..8c9cb86863 100644
> --- a/package/python-pillow/python-pillow.mk
> +++ b/package/python-pillow/python-pillow.mk
> @@ -4,8 +4,8 @@
> #
> ################################################################################
>
> -PYTHON_PILLOW_VERSION = 9.1.0
> -PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/4b/83/090146d7871d90a2643d469c319c1d014e41b315ab5cf0f8b4b6a764ef31
> +PYTHON_PILLOW_VERSION = 9.1.1
> +PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/43/6e/59853546226ee6200f9ba6e574d11604b60ad0754d2cbd1c8f3246b70418
> PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz
> PYTHON_PILLOW_LICENSE = HPND
> PYTHON_PILLOW_LICENSE_FILES = LICENSE
> --
> 2.35.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-07-16 15:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-13 21:14 [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 9.1.1 Fabrice Fontaine
2022-07-16 15:41 ` Yann E. MORIN
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.