Summary: | <dev-python/pillow-8.3.0: buffer overflow (CVE-2021-34552) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | mgorny, python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow | ||
Whiteboard: | A2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 811450 | ||
Bug Blocks: |
Description
John Helmert III
2021-07-14 02:52:49 UTC
sparc stable amd64 done x86 done arm64 done Ping. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11523faea2b3008fd55f6c371dd218267d91cb6f commit 11523faea2b3008fd55f6c371dd218267d91cb6f Author: Sam James <sam@gentoo.org> AuthorDate: 2021-10-16 02:27:26 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-10-16 02:27:26 +0000 dev-python/pillow: add USE=truetype to test REQUIRED_USE See 11131c2b5d5252fdca56643a4b976c6ac0ca11ea. Bug: https://bugs.gentoo.org/show_bug.cgi?id=811453 Bug: https://bugs.gentoo.org/802090 Signed-off-by: Sam James <sam@gentoo.org> dev-python/pillow/pillow-8.3.0.ebuild | 2 +- dev-python/pillow/pillow-8.3.1.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) arm done Ping ppc, ppc64 Resetting sanity check; package list is empty or all packages are done. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=489350a86a27cbf30814583641081d7f76bad69a commit 489350a86a27cbf30814583641081d7f76bad69a Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-11-14 08:08:10 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-11-14 08:16:38 +0000 dev-python/pillow: Remove old Bug: https://bugs.gentoo.org/811450 Bug: https://bugs.gentoo.org/802090 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/pillow/Manifest | 3 -- dev-python/pillow/pillow-8.2.0.ebuild | 98 ----------------------------------- dev-python/pillow/pillow-8.3.0.ebuild | 98 ----------------------------------- dev-python/pillow/pillow-8.3.1.ebuild | 98 ----------------------------------- 4 files changed, 297 deletions(-) GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=65e54c1c2d5aa2b4a2012ca5e8d6771961ac4118 commit 65e54c1c2d5aa2b4a2012ca5e8d6771961ac4118 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-11-22 03:53:26 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-11-22 03:59:40 +0000 [ GLSA 202211-10 ] Pillow: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/802090 Bug: https://bugs.gentoo.org/811450 Bug: https://bugs.gentoo.org/830934 Bug: https://bugs.gentoo.org/832598 Bug: https://bugs.gentoo.org/855683 Bug: https://bugs.gentoo.org/878769 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202211-10.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) GLSA released, all done! |