That CVE was announced here: https://www.openwall.com/lists/oss-security/2024/01/20/1 Mageia 9 is also affected.
CVE: (none) => CVE-2023-50447Source RPM: (none) => python-pillow-10.0.1-3.mga10.src.rpmWhiteboard: (none) => MGA9TOO
So fixed by new release 10.2.0. Assigning to Python group.
Assignee: bugsquad => pythonStatus comment: (none) => Pillow 10.2.0 released, fixes CVE-2023-50447
Done for cauldron
Whiteboard: MGA9TOO => (none)Version: Cauldron => 9CC: (none) => yvesbrungard
Breaks pysol. On Mageia 9 ... $ pysol pygame 2.1.2 (SDL 2.26.3, Python 3.10.11) Hello from the pygame community. https://www.pygame.org/contribute.html Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/pysollib/app.py", line 701, in loadCardset if not images.load(app=self, progress=progress): File "/usr/lib/python3.10/site-packages/pysollib/images.py", line 208, in load bottom = self.__loadBottom(name, color='black') File "/usr/lib/python3.10/site-packages/pysollib/images.py", line 127, in __loadBottom img = createBottom(self._card[0], color, fn) File "/usr/lib/python3.10/site-packages/pysollib/ui/tktile/tkutil.py", line 478, in createBottom out = _createBottomImage(maskimage, color, backfile) File "/usr/lib/python3.10/site-packages/pysollib/ui/tktile/tkutil.py", line 459, in _createBottomImage mask = out.resize(size, Image.ANTIALIAS) AttributeError: module 'PIL.Image' has no attribute 'ANTIALIAS' Traceback (most recent call last): File "/usr/games/pysol", line 41, in <module> sys.exit(main(sys.argv)) File "/usr/lib/python3.10/site-packages/pysollib/main.py", line 438, in main app.mainloop() File "/usr/lib/python3.10/site-packages/pysollib/app.py", line 185, in mainloop approc = self.mainproc() # setup process File "/usr/lib/python3.10/site-packages/pysollib/app.py", line 354, in mainproc self.menubar = PysolMenubar(self, self.top, File "/usr/lib/python3.10/site-packages/pysollib/actions.py", line 86, in __init__ PysolMenubarTk.__init__(self, app, top, progress) File "/usr/lib/python3.10/site-packages/pysollib/tile/menubar.py", line 48, in __init__ PysolMenubarTkCommon.__init__(self, app, top, progress) File "/usr/lib/python3.10/site-packages/pysollib/ui/tktile/menubar.py", line 131, in __init__ self._setOptions() File "/usr/lib/python3.10/site-packages/pysollib/tile/menubar.py", line 51, in _setOptions PysolMenubarTkCommon._setOptions(self) File "/usr/lib/python3.10/site-packages/pysollib/ui/tktile/menubar.py", line 240, in _setOptions tkopt.cardback.set(self.app.cardset.backindex) AttributeError: 'NoneType' object has no attribute 'backindex' Exception ignored in: <function AbstractAudioClient.__del__ at 0xffff82887e20> Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/pysollib/pysolaudio.py", line 58, in __del__ File "/usr/lib/python3.10/site-packages/pysollib/pysolaudio.py", line 80, in destroy File "/usr/lib/python3.10/site-packages/pysollib/pysolaudio.py", line 589, in _destroy pygame.error: mixer not initialized To downgrade to the working version urpmi --downgrade python3-pillow-9.2.0-3.mga9 python3-pillow-tk-9.2.0-3.mga9
CC: (none) => davidwhodgins
Thanks David. I have asked sysadmins to withdraw 10.2.0 from 9/testing I have prepared 9.2.0 with a patch, but can't be built for now.
I've removed 10.2.0 from 9/updates_testing
CC: (none) => dan
Submitted: Source: python-pillow-9.2.0-3.1.mga9 RPMS: python3-pillow-tk-9.2.0-3.1.mga9 python3-pillow-qt-9.2.0-3.1.mga9 python3-pillow-devel-9.2.0-3.1.mga9 python3-pillow-9.2.0-3.1.mga9 python3-pillow-doc-9.2.0-3.1.mga9
Status comment: Pillow 10.2.0 released, fixes CVE-2023-50447 => (none)Assignee: python => qa-bugs
$ rpm -qa|grep python3-pillow python3-pillow-9.2.0-3.1.mga9 python3-pillow-tk-9.2.0-3.1.mga9 $ rpm -q -i python3-pillow |grep ^Source Source RPM : python-pillow-9.2.0-3.1.mga9.src.rpm pysol working. Tested on x86-64 and aarch64. Validating.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA9-64-OKCC: (none) => sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => marja11
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0018.html
Status: NEW => RESOLVEDResolution: (none) => FIXED