[Bug 1349061] Re: Sync pillow 2.5.1-1 (main) from Debian unstable (main)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jul 29 13:36:26 UTC 2014
This bug was fixed in the package pillow - 2.5.1-1
Sponsored for Jackson Doak (noskcaj)
---------------
pillow (2.5.1-1) unstable; urgency=medium
* Pillow 2.5.1 release.
-- Matthias Klose <doko at debian.org> Thu, 17 Jul 2014 23:43:18 +0200
pillow (2.4.0-2) unstable; urgency=medium
* Require python-tk and python3-tk versions built for Tcl/Tk 8.6.
-- Matthias Klose <doko at debian.org> Fri, 13 Jun 2014 13:59:57 +0200
pillow (2.4.0-1) unstable; urgency=medium
* New upstream version.
- Fix configuration on non-linux platforms. Closes: #745714.
- CVE-2014-1932, CVE-2014-1933: Fix insecure use of /tmp. Closes: #737059.
* Fix detection of Tk. Closes: #746051.
-- Matthias Klose <doko at debian.org> Wed, 16 Apr 2014 00:48:53 +0200
pillow (2.3.0-2) unstable; urgency=medium
* Build for python 3.4.
-- Matthias Klose <doko at debian.org> Wed, 12 Feb 2014 20:41:50 +0100
** Changed in: pillow (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1932
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1933
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1349061
Title:
Sync pillow 2.5.1-1 (main) from Debian unstable (main)
Status in “pillow” package in Ubuntu:
Fix Released
Bug description:
Please sync pillow 2.5.1-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: insecure use of temporary files
- debian/patches/CVE-2014-193x.patch: use tempfile.mkstemp() in
PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py,
PIL/JpegImagePlugin.py.
- CVE-2014-1932
- CVE-2014-1933
* No-change rebuild to drop Python 3.3 support.
* Merge with Debian; remaining changes:
- Provide transitional packages.
Fixed in debian, transitional packages shouldn't be needed now
Changelog entries since current utopic version 2.3.0-1ubuntu3:
pillow (2.5.1-1) unstable; urgency=medium
* Pillow 2.5.1 release.
-- Matthias Klose <doko at debian.org> Thu, 17 Jul 2014 23:43:18 +0200
pillow (2.4.0-2) unstable; urgency=medium
* Require python-tk and python3-tk versions built for Tcl/Tk 8.6.
-- Matthias Klose <doko at debian.org> Fri, 13 Jun 2014 13:59:57 +0200
pillow (2.4.0-1) unstable; urgency=medium
* New upstream version.
- Fix configuration on non-linux platforms. Closes: #745714.
- CVE-2014-1932, CVE-2014-1933: Fix insecure use of /tmp. Closes: #737059.
* Fix detection of Tk. Closes: #746051.
-- Matthias Klose <doko at debian.org> Wed, 16 Apr 2014 00:48:53 +0200
pillow (2.3.0-2) unstable; urgency=medium
* Build for python 3.4.
-- Matthias Klose <doko at debian.org> Wed, 12 Feb 2014 20:41:50 +0100
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1349061/+subscriptions
More information about the Ubuntu-sponsors
mailing list