obsolete

python-pillow-9.5.0-3.fc38

FEDORA-2024-4ef97ebbfc created by smani 8 months ago for Fedora 38

Backport fix for CVE-2023-50447.


Update patch for CVE-2023-44271

This update has been submitted for testing by smani.

8 months ago

This update's test gating status has been changed to 'ignored'.

8 months ago

This update has obsoleted python-pillow-9.5.0-2.fc38, and has inherited its bugs and notes.

8 months ago

This update has been pushed to testing.

8 months ago
lbalhar commented & provided feedback 8 months ago

The patch for CVE-2023-44271 is buggy as I mentioned earlier. The patch uses a function which is not backported as a part of the patch:

File "/usr/lib64/python3.11/site-packages/PIL/ImageFont.py", line 483, in getsize
    _string_length_check(text)
    ^^^^^^^^^^^^^^^^^^^^
NameError: name '_string_length_check' is not defined
BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]
BZ#2259480 TRIAGE CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter [fedora-all]

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

8 months ago

0 due other users comments

This update can be pushed to stable now if the maintainer wishes

7 months ago

This update's test gating status has been changed to 'waiting'.

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago

This update's test gating status has been changed to 'waiting'.

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago

This update's test gating status has been changed to 'waiting'.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update is marked obsolete because the F38 release is archived.

4 months ago


Metadata
Type: security
Severity: high
Karma: -2
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 8 months ago
in testing: 8 months ago
BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]
-1
0
BZ#2259480 TRIAGE CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter [fedora-all]
0
1
