Re: [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 9.1.1

From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>,
	Asaf Kahlon <asafka7@gmail.com>,
	buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/python-pillow: security bump to version 9.1.1
Date: Sat, 16 Jul 2022 17:41:47 +0200	[thread overview]
Message-ID: <20220716154147.GJ2543@scaer> (raw)
In-Reply-To: <20220613211419.296864-1-fontaine.fabrice@gmail.com>

Fabrice, All,

On 2022-06-13 23:14 +0200, Fabrice Fontaine spake thusly:
> This release addresses several security problems including
> CVE-2022-30595.
> 
> https://github.com/python-pillow/Pillow/releases/tag/9.1.1

Thanks for the reference, but Peter applied a later patch.

Regards,
Yann E. MORIN.

> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/python-pillow/python-pillow.hash | 4 ++--
>  package/python-pillow/python-pillow.mk   | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash
> index 2e259c1caf..ff23ed6299 100644
> --- a/package/python-pillow/python-pillow.hash
> +++ b/package/python-pillow/python-pillow.hash
> @@ -1,6 +1,6 @@
>  # md5, sha256 from https://pypi.org/pypi/pillow/json
> -md5  a9ebd39b3482993474872757d317e26f  Pillow-9.1.0.tar.gz
> -sha256  f401ed2bbb155e1ade150ccc63db1a4f6c1909d3d378f7d1235a44e90d75fb97  Pillow-9.1.0.tar.gz
> +md5  f0d347298e72b403fbc3198677f394bb  Pillow-9.1.1.tar.gz
> +sha256  7502539939b53d7565f3d11d87c78e7ec900d3c72945d4ee0e2f250d598309a0  Pillow-9.1.1.tar.gz
>  
>  # Locally computed sha256 checksums
>  sha256  a6554cb737ba6c9b47d3301f78de03b4ed0d3f08d6cf9400714f3d4c894f6943  LICENSE
> diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk
> index 2abe5e04ef..8c9cb86863 100644
> --- a/package/python-pillow/python-pillow.mk
> +++ b/package/python-pillow/python-pillow.mk
> @@ -4,8 +4,8 @@
>  #
>  ################################################################################
>  
> -PYTHON_PILLOW_VERSION = 9.1.0
> -PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/4b/83/090146d7871d90a2643d469c319c1d014e41b315ab5cf0f8b4b6a764ef31
> +PYTHON_PILLOW_VERSION = 9.1.1
> +PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/43/6e/59853546226ee6200f9ba6e574d11604b60ad0754d2cbd1c8f3246b70418
>  PYTHON_PILLOW_SOURCE = Pillow-$(PYTHON_PILLOW_VERSION).tar.gz
>  PYTHON_PILLOW_LICENSE = HPND
>  PYTHON_PILLOW_LICENSE_FILES = LICENSE
> -- 
> 2.35.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot