29481 – python-pillow new security issue CVE-2021-23437

Bug 29481 - python-pillow new security issue CVE-2021-23437

Summary: python-pillow new security issue CVE-2021-23437

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-09-21 18:08 CEST by David Walser
Modified:	2021-09-29 19:24 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	python-pillow-8.1.2-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-09-21 18:08:05 CEST

Fedora has issued an advisory today (September 21):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7PEL3LILZIAJEHEOKL5DLPXF7IMFYUV7/

The issue is fixed upstream in 8.3.2.

Mageia 8 is also affected.

David Walser 2021-09-21 18:08:28 CEST

Assignee: bugsquad => python
Whiteboard: (none) => MGA8TOO
CC: (none) => jani.valimaa
Status comment: (none) => Fixed upstream in 8.3.2

Comment 1 Nicolas Lécureuil 2021-09-22 15:28:10 CEST

New version pushed in mageia 9

CC: (none) => mageia
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 8.3.2 => (none)
Version: Cauldron => 8

Comment 2 Nicolas Lécureuil 2021-09-22 15:31:52 CEST

Fix pushed in mga8

src:
    - python-pillow-8.1.2-1.1.mga8

Assignee: python => qa-bugs

Comment 3 David Walser 2021-09-22 15:36:43 CEST

python3-pillow-tk-8.1.2-1.1.mga8
python3-pillow-devel-8.1.2-1.1.mga8
python3-pillow-qt-8.1.2-1.1.mga8
python3-pillow-8.1.2-1.1.mga8
python3-pillow-doc-8.1.2-1.1.mga8

from python-pillow-8.1.2-1.1.mga8.src.rpm

Comment 4 Herman Viaene 2021-09-25 17:03:26 CEST

MGA8-64 Plasma on Lenovo B50
No installation issues.
As with other developer's tools, OK on clean install.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2021-09-27 14:10:48 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-09-29 17:56:34 CEST

Keywords: (none) => advisory

Comment 6 Mageia Robot 2021-09-29 19:24:12 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0448.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.