[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25
|
From: |
Maxime Devos |
|
Subject: |
bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293 |
|
Date: |
Wed, 23 Mar 2022 13:39:25 +0100 |
|
User-agent: |
Evolution 3.38.3-1 |
Maxim Cournoyer schreef op di 22-03-2022 om 22:57 [-0400]:
> Léo Le Bouter <lle-bout@zaclys.net> writes:
>
> > Hello!
> >
> > pillow-simd is a fork of pillow (
> > https://github.com/uploadcare/pillow-simd), it's currently still at
> > version 7.x and it does not seem like it backports security patches
> > from pillow.
>
> Thanks for the heads-up; our package is currently at 9.0.0, and I've
> just updated it to 9.0.0.post1.
Something went wrong
<https://git.savannah.gnu.org/cgit/guix.git/commit/?id=4a828263791ebb8ed8f8104e015a8f467008fc76>:
the version in the version field contains a "v" prefix which is dropped
in Guix.
Additionally, the package name is missing from the commit message,
though that cannot be corrected retroactively.
WDYT of removing the "v", and changing the "commit" field to
(commit (string-append "v" version))
?
Greetings,
Maxime.
signature.asc
Description: This is a digitally signed message part