Bug 31016 - python-imageio downloads vulnerable freeimage library
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Python Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard: MGA8TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-24 17:18 CEST by David Walser
Modified: 2022-10-26 15:10 CEST

See Also:
Source RPM: python-imageio-2.9.0-4.mga9.src.rpm
CVE:
Status comment:



Description David Walser 2022-10-24 17:18:24 CEST
See these upstream issues:
https://github.com/imageio/imageio/issues/891
https://github.com/imageio/imageio/issues/892

Whatever solution upstream comes up with will need to be backported.
David Walser 2022-10-24 17:18:32 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-10-26 09:02:09 CEST
Assigning to the Python maintainers in advance. It can be revived when the necessary info becomes available (and noticed).

Status: NEW => NEEDINFO
Assignee: bugsquad => python

David Walser 2022-10-26 15:10:08 CEST

Status: NEEDINFO => NEW

