The patch for CVE-2023-44271 is buggy as I mentioned earlier. The patch uses a function which is not backported as a part of the patch:
  File "/usr/lib64/python3.11/site-packages/PIL/ImageFont.py", line 483, in getsize
    _string_length_check(text)
    ^^^^^^^^^^^^^^^^^^^^
NameError: name '_string_length_check' is not defined
BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]
BZ#2259480 TRIAGE CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter [fedora-all]
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
This update has been submitted for testing by smani.
This update's test gating status has been changed to 'ignored'.
This update has obsoleted python-pillow-9.5.0-2.fc38, and has inherited its bugs and notes.
This update has been pushed to testing.
0 due to other users' comments
This update can be pushed to stable now if the maintainer wishes
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update is marked obsolete because the F38 release is archived.