package/python-pillow: security bumo to version 10.3.0

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-04-25 18:07:32 +02:00 · 2024-04-25 18:07:32 +02:00 · dfaa34ddd3
commit dfaa34ddd3
parent 32753c6f9d
2 changed files with 5 additions and 5 deletions
--- a/package/python-pillow/python-pillow.hash
+++ b/package/python-pillow/python-pillow.hash
@ -1,6 +1,6 @@
-# md5, sha256 from https://pypi.org/pypi/pillow/json
+# md5, sha256 https://pypi.org/project/pillow/10.3.0/#copy-hash-modal-125abe0d-59be-40cd-89a3-3e2f78136be0
-md5  13de96f9f98bc1c26439d64576a48ac6  pillow-10.2.0.tar.gz
+md5  6c21a12849ae42f93881f614d8f6f651  pillow-10.3.0.tar.gz
-sha256  e87f0b2c78157e12d7686b27d63c070fd65d994e8ddae6f328e0dcf4a0cd007e  pillow-10.2.0.tar.gz
+sha256  9d2455fbf44c914840c793e89aa82d0e1763a14253a000743719ae5946814b2d  pillow-10.3.0.tar.gz
 # Locally computed sha256 checksums
 sha256  e706384c6f299d1b6fa782ae657740b372b4bd7938a1a318bf94ac249114758a  LICENSE
--- a/package/python-pillow/python-pillow.mk
+++ b/package/python-pillow/python-pillow.mk
@ -4,8 +4,8 @@
 #
 ################################################################################
-PYTHON_PILLOW_VERSION = 10.2.0
+PYTHON_PILLOW_VERSION = 10.3.0
-PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/f8/3e/32cbd0129a28686621434cbf17bb64bf1458bfb838f1f668262fefce145c
+PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/ef/43/c50c17c5f7d438e836c169e343695534c38c77f60e7c90389bd77981bc21
 PYTHON_PILLOW_SOURCE = pillow-$(PYTHON_PILLOW_VERSION).tar.gz
 PYTHON_PILLOW_LICENSE = HPND
 PYTHON_PILLOW_LICENSE_FILES = LICENSE