obsolete

python-pillow-9.5.0-3.fc38

FEDORA-2024-4ef97ebbfc created by smani 2 years ago for Fedora 38

Backport fix for CVE-2023-50447.


Update patch for CVE-2023-44271

This update has been submitted for testing by smani.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has obsoleted python-pillow-9.5.0-2.fc38, and has inherited its bugs and notes.

2 years ago

This update has been pushed to testing.

2 years ago
lbalhar commented & provided feedback 2 years ago

The patch for CVE-2023-44271 is buggy as I mentioned earlier. The patch uses a function which is not backported as a part of the patch:

File "/usr/lib64/python3.11/site-packages/PIL/ImageFont.py", line 483, in getsize
    _string_length_check(text)
    ^^^^^^^^^^^^^^^^^^^^
NameError: name '_string_length_check' is not defined
BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]
BZ#2259480 TRIAGE CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter [fedora-all]

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago

0 due other users comments

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update is marked obsolete because the F38 release is archived.

2 years ago


Metadata
Type: security
Severity: high
Karma: -2
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Thresholds
Minimum Karma: +1
Minimum Testing: 7 days
Dates
submitted: 2 years ago
in testing: 2 years ago
BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]
-1
0
BZ#2259480 TRIAGE CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter [fedora-all]
0
1
