Bug 32756

So fixed by new release 10.2.0. Assigning to Python group.

Assignee: bugsquad => python
Status comment: (none) => Pillow 10.2.0 released, fixes CVE-2023-50447

Done for cauldron

Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
CC: (none) => yvesbrungard

Breaks pysol. On Mageia 9 ...
$ pysol 
pygame 2.1.2 (SDL 2.26.3, Python 3.10.11)
Hello from the pygame community. https://www.pygame.org/contribute.html
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/pysollib/app.py", line 701, in loadCardset
    if not images.load(app=self, progress=progress):
  File "/usr/lib/python3.10/site-packages/pysollib/images.py", line 208, in load
    bottom = self.__loadBottom(name, color='black')
  File "/usr/lib/python3.10/site-packages/pysollib/images.py", line 127, in __loadBottom
    img = createBottom(self._card[0], color, fn)
  File "/usr/lib/python3.10/site-packages/pysollib/ui/tktile/tkutil.py", line 478, in createBottom
    out = _createBottomImage(maskimage, color, backfile)
  File "/usr/lib/python3.10/site-packages/pysollib/ui/tktile/tkutil.py", line 459, in _createBottomImage
    mask = out.resize(size, Image.ANTIALIAS)
AttributeError: module 'PIL.Image' has no attribute 'ANTIALIAS'
Traceback (most recent call last):
  File "/usr/games/pysol", line 41, in <module>
    sys.exit(main(sys.argv))
  File "/usr/lib/python3.10/site-packages/pysollib/main.py", line 438, in main
    app.mainloop()
  File "/usr/lib/python3.10/site-packages/pysollib/app.py", line 185, in mainloop
    approc = self.mainproc()  # setup process
  File "/usr/lib/python3.10/site-packages/pysollib/app.py", line 354, in mainproc
    self.menubar = PysolMenubar(self, self.top,
  File "/usr/lib/python3.10/site-packages/pysollib/actions.py", line 86, in __init__
    PysolMenubarTk.__init__(self, app, top, progress)
  File "/usr/lib/python3.10/site-packages/pysollib/tile/menubar.py", line 48, in __init__
    PysolMenubarTkCommon.__init__(self, app, top, progress)
  File "/usr/lib/python3.10/site-packages/pysollib/ui/tktile/menubar.py", line 131, in __init__
    self._setOptions()
  File "/usr/lib/python3.10/site-packages/pysollib/tile/menubar.py", line 51, in _setOptions
    PysolMenubarTkCommon._setOptions(self)
  File "/usr/lib/python3.10/site-packages/pysollib/ui/tktile/menubar.py", line 240, in _setOptions
    tkopt.cardback.set(self.app.cardset.backindex)
AttributeError: 'NoneType' object has no attribute 'backindex'
Exception ignored in: <function AbstractAudioClient.__del__ at 0xffff82887e20>
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/pysollib/pysolaudio.py", line 58, in __del__
  File "/usr/lib/python3.10/site-packages/pysollib/pysolaudio.py", line 80, in destroy
  File "/usr/lib/python3.10/site-packages/pysollib/pysolaudio.py", line 589, in _destroy
pygame.error: mixer not initialized

To downgrade to the working version
urpmi --downgrade python3-pillow-9.2.0-3.mga9 python3-pillow-tk-9.2.0-3.mga9

CC: (none) => davidwhodgins

Thanks David.
I have asked sysadmins to withdraw 10.2.0 from 9/testing
I have prepared 9.2.0 with a patch, but can't be built for now.

I've removed 10.2.0 from 9/updates_testing

CC: (none) => dan

Submitted:
Source:
python-pillow-9.2.0-3.1.mga9
RPMS:
python3-pillow-tk-9.2.0-3.1.mga9
python3-pillow-qt-9.2.0-3.1.mga9
python3-pillow-devel-9.2.0-3.1.mga9
python3-pillow-9.2.0-3.1.mga9
python3-pillow-doc-9.2.0-3.1.mga9

Status comment: Pillow 10.2.0 released, fixes CVE-2023-50447 => (none)
Assignee: python => qa-bugs

$ rpm -qa|grep  python3-pillow 
python3-pillow-9.2.0-3.1.mga9
python3-pillow-tk-9.2.0-3.1.mga9

$ rpm -q -i python3-pillow |grep ^Source
Source RPM  : python-pillow-9.2.0-3.1.mga9.src.rpm

pysol working. Tested on x86-64 and aarch64.

Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0018.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED