
Bug#991628: buster-pu: package pillow/5.4.1-2+deb10u2



Control: tags -1 + confirmed

On Thu, 2021-07-29 at 09:54 +0100, Neil Williams wrote:
> Fix for CVE-2021-34552 (#991293) is mitigated by FORTIFY_SOURCE, so
> this upload targets proposed-updates instead of security after
> discussion with Moritz.
> 
> Other pending CVEs in pillow for buster have been set to ignored as 
> the patches would be too intrusive in buster due mainly to binary 
> changes in the test suite support files.
> 
> Debdiff is attached.
> 
>  pillow (5.4.1-2+deb10u3) buster; urgency=medium
>  .
>    * Non-maintainer upload by the Security Team.

That seems inaccurate.

>    [ Moritz Mühlenhoff ]
>    * CVE-2020-35653 CVE-2020-35655 CVE-2021-27921 CVE-2021-27922
>      CVE-2021-27923 CVE-2021-25290 CVE-2021-25292 CVE-2021-28677
>      CVE-2021-28678
>  .
>    [ Neil Williams ]
>    * CVE-2021-34552
> 

I'd prefer more verbose changelog entries, but please go ahead.

Regards,

Adam

