stable

python-pillow-9.5.0-1.fc38

FEDORA-2023-1a120657f9 created by smani a year ago for Fedora 38

Update to 9.5.0, backport fix for CVE-2023-44271.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-1a120657f9

This update has been submitted for testing by smani.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago
abhis3k commented & provided feedback a year ago

Works without issues till now

lbalhar commented & provided feedback a year ago

Unfortunately, the patch backported from upstream from version 10 to fix CVE-2023-44271 is not enough for version 9.5, which we have in Fedora 38. The problem is that classes in the ImageFont module also have a getsize method, which is deprecated in version 9 and removed in version 10, which means that the fix in version 10 is not applied to these methods and they stay vulnerable in this update.

BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago


Metadata
Type: security
Severity: medium
Karma: 1
Signed
Content Type: RPM
Test Gating

Autopush Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates
submitted: a year ago
in testing: a year ago
in stable: a year ago
approved: a year ago