Bug#991628: buster-pu: package pillow/5.4.1-2+deb10u2
Control: tags -1 + confirmed
On Thu, 2021-07-29 at 09:54 +0100, Neil Williams wrote:
> Fix for CVE-2021-34552 (#991293) is mitigated by FORTIFY_SOURCE, so
> this upload targets proposed-updates instead of security after
> discussion with Moritz.
>
> Other pending CVEs in pillow for buster have been set to ignored as
> the patches would be too intrusive in buster due mainly to binary
> changes in the test suite support files.
>
> Debdiff is attached.
>
> pillow (5.4.1-2+deb10u3) buster; urgency=medium
> .
> * Non-maintainer upload by the Security Team.
That seems inaccurate.
> [ Moritz Mühlenhoff ]
> * CVE-2020-35653 CVE-2020-35655 CVE-2021-27921 CVE-2021-27922
> CVE-2021-27923 CVE-2021-25290 CVE-2021-25292 CVE-2021-28677
> CVE-2021-28678
> .
> [ Neil Williams ]
> * CVE-2021-34552
>
I'd prefer more verbose changelog entries, but please go ahead.
Regards,
Adam
Reply to: