obsolete

python-pillow-9.5.0-3.fc38

FEDORA-2024-4ef97ebbfc created by smani a year ago for Fedora 38

Backport fix for CVE-2023-50447.


Update patch for CVE-2023-44271

This update has been submitted for testing by smani.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has obsoleted python-pillow-9.5.0-2.fc38, and has inherited its bugs and notes.

a year ago

This update has been pushed to testing.

a year ago
lbalhar commented & provided feedback a year ago

The patch for CVE-2023-44271 is buggy as I mentioned earlier. The patch uses a function which is not backported as a part of the patch:

  File "/usr/lib64/python3.11/site-packages/PIL/ImageFont.py", line 483, in getsize
    _string_length_check(text)
    ^^^^^^^^^^^^^^^^^^^^
NameError: name '_string_length_check' is not defined

BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]
BZ#2259480 TRIAGE CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter [fedora-all]

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

a year ago

0 due other users comments

This update can be pushed to stable now if the maintainer wishes

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update is marked obsolete because the F38 release is archived.

a year ago


Metadata
Type: security
Severity: high
Karma: -2
Signed
Content Type: RPM
Test Gating

Autopush Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Thresholds
Minimum Karma: +1
Minimum Testing: 7 days

Dates
submitted: a year ago
in testing: a year ago

BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]
-1
0
BZ#2259480 TRIAGE CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter [fedora-all]
0
1
