NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/python-pillow: security bumo to version 10.3.0

Browse Source 
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because
strcpy is used instead of strncpy.

Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dfaa34ddd3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Angelo Compagnucci 2024-04-25 18:07:32 +02:00 committed by Peter Korsgaard
parent 35e8608c4c
commit 30ce03a445
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package/python-pillow/python-pillow.hash
View File

@ -1,6 +1,6 @@
# md5, sha256 from https://pypi.org/pypi/pillow/json
md5 13de96f9f98bc1c26439d64576a48ac6 pillow-10.2.0.tar.gz
sha256 e87f0b2c78157e12d7686b27d63c070fd65d994e8ddae6f328e0dcf4a0cd007e pillow-10.2.0.tar.gz
# md5, sha256 https://pypi.org/project/pillow/10.3.0/#copy-hash-modal-125abe0d-59be-40cd-89a3-3e2f78136be0
md5 6c21a12849ae42f93881f614d8f6f651 pillow-10.3.0.tar.gz
sha256 9d2455fbf44c914840c793e89aa82d0e1763a14253a000743719ae5946814b2d pillow-10.3.0.tar.gz
# Locally computed sha256 checksums
sha256 e706384c6f299d1b6fa782ae657740b372b4bd7938a1a318bf94ac249114758a LICENSE

4
package/python-pillow/python-pillow.mk
View File

@ -4,8 +4,8 @@
#
################################################################################
PYTHON_PILLOW_VERSION = 10.2.0
PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/f8/3e/32cbd0129a28686621434cbf17bb64bf1458bfb838f1f668262fefce145c
PYTHON_PILLOW_VERSION = 10.3.0
PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/ef/43/c50c17c5f7d438e836c169e343695534c38c77f60e7c90389bd77981bc21
PYTHON_PILLOW_SOURCE = pillow-$(PYTHON_PILLOW_VERSION).tar.gz
PYTHON_PILLOW_LICENSE = HPND
PYTHON_PILLOW_LICENSE_FILES = LICENSE