bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25

From:	Léo Le Bouter
Subject:	bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293
Date:	Fri, 19 Mar 2021 11:37:09 +0100
User-agent:	Evolution 3.34.2

Hello!

pillow-simd is a fork of pillow (
https://github.com/uploadcare/pillow-simd), it's currently still at
version 7.x and it does not seem like it backports security patches
from pillow.

$ ./pre-inst-env guix refresh -l python-pillow-simd
No dependents other than itself: python-pillow-simd@7.1.2

Do we remove it? Do we want to commit to backporting/applying all fixes
from python-pillow back in python-pillow-simd ourselves (I don't)?

Léo

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293, Léo Le Bouter <=

Prev by Date: bug#47258: guix pull bug: the program '/gnu/store/...-compute-guix-derivation' failed to compute the derivation for Guix
Next by Date: bug#47228: Check binary consistency after grafting with e.g. ldd
Previous by thread: bug#47258: guix pull bug: the program '/gnu/store/...-compute-guix-derivation' failed to compute the derivation for Guix
Next by thread: bug#47260: Package GNU MediaGoblin as a Guix service
Index(es):
- Date
- Thread