Summary: | <dev-python/pillow-8.1.1: Multiple vulnerabilities (CVE-2021-{25289,25290,25291,25292,25293) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mgorny, python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 774387 | ||
Bug Blocks: |
Description
Sam James
2021-03-01 11:33:09 UTC
Please bump to 8.1.1. Unable to check for sanity:
> no match for package: dev-python/pillow-8.1.1
All sanity-check issues have been resolved x86 stable amd64 done arm done ppc done ppc64 done sparc done arm64 done all arches done Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39b2f71aefaa6de7ff40d0850fe8eb6409eb828e commit 39b2f71aefaa6de7ff40d0850fe8eb6409eb828e Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-03-02 08:41:56 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-03-02 08:43:52 +0000 dev-python/pillow: Remove old Bug: https://bugs.gentoo.org/773559 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/pillow/Manifest | 1 - dev-python/pillow/pillow-8.1.0.ebuild | 98 ----------------------------------- 2 files changed, 99 deletions(-) A few more CVEs appear to be covered by this release which reference the Pillow-8.1.1 release notes, but the release notes do not reference the CVEs. (In reply to John Helmert III from comment #13) > A few more CVEs appear to be covered by this release which reference the > Pillow-8.1.1 release notes, but the release notes do not reference the CVEs. This turned out to be 8.1.2 instead: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html. GLSA request filed. This issue was resolved and addressed in GLSA 202107-33 at https://security.gentoo.org/glsa/202107-33 by GLSA coordinator John Helmert III (ajak). |