obsolete

python-pillow-9.5.0-3.fc38

FEDORA-2024-4ef97ebbfc created by smani a year ago for Fedora 38

Backport fix for CVE-2023-50447.


Update patch for CVE-2023-44271

This update has been submitted for testing by smani.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has obsoleted python-pillow-9.5.0-2.fc38, and has inherited its bugs and notes.

a year ago

This update has been pushed to testing.

a year ago
lbalhar commented & provided feedback a year ago

The patch for CVE-2023-44271 is buggy as I mentioned earlier. The patch uses a function which is not backported as a part of the patch:

File "/usr/lib64/python3.11/site-packages/PIL/ImageFont.py", line 483, in getsize
    _string_length_check(text)
    ^^^^^^^^^^^^^^^^^^^^
NameError: name '_string_length_check' is not defined

BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]
BZ#2259480 TRIAGE CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter [fedora-all]

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

a year ago

0 due other users comments

This update can be pushed to stable now if the maintainer wishes

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'ignored'.

11 months ago

This update's test gating status has been changed to 'waiting'.

9 months ago

This update's test gating status has been changed to 'ignored'.

9 months ago

This update is marked obsolete because the F38 release is archived.

9 months ago


Metadata
Type: security
Severity: high
Karma: -2
Signed
Content Type: RPM
Test Gating
Autopush Settings
    Unstable by Karma: -3
    Stable by Karma: disabled
    Stable by Time: disabled
Thresholds
    Minimum Karma: +1
    Minimum Testing: 7 days
Dates
    submitted: a year ago
    in testing: a year ago
BZ#2247821 CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all]
-1
0
BZ#2259480 TRIAGE CVE-2023-50447 python-pillow: pillow:Arbitrary Code Execution via the environment parameter [fedora-all]
0
1
