python3.pkgs.pillow: 10.0.0 -> 10.0.1 #255858

Merged (1 commit) on Sep 21, 2023

trofi commented Sep 18, 2023

Changes: https://github.com/python-pillow/Pillow/releases/tag/10.0.1

Description of changes

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

delroth added the "12.approvals: 1" (This PR was reviewed and approved by one reputable person) label Sep 19, 2023

risicle commented Sep 20, 2023

> This release addresses CVE-2023-4863, by providing an updated install script and updated wheels to include libwebp 1.3.2, preventing a potential heap buffer overflow in WebP.

But we don't use these wheels do we? So it doesn't have any security impact?

fabianhjr left a comment

diff lgtm, didn't build, evals.

delroth added "12.approvals: 2" (This PR was reviewed and approved by two reputable people) and removed "12.approvals: 1" (This PR was reviewed and approved by one reputable person) labels Sep 20, 2023

marsam commented Sep 21, 2023

> So it doesn't have any security impact?

yeah, we aren't impacted

marsam merged commit 254937d into NixOS:staging Sep 21, 2023
trofi deleted the python3.pkgs.pillow-update branch September 21, 2023 12:41