diff options
author | Trevor Gamblin <trevor.gamblin@windriver.com> | 2021-09-08 12:53:43 -0400 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2021-09-10 06:55:20 -0700 |
commit | 4b9bceea4cbb39a3b0564f394b357d6b36887ae1 (patch) | |
tree | 292052509d7b15c2d20dc79cab0d16e1eb901bcb /meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb | |
parent | fc46c809529f4b5d83ade972c91d388b302b6f48 (diff) | |
download | meta-openembedded-4b9bceea4cbb39a3b0564f394b357d6b36887ae1.tar.gz |
python3-pillow: upgrade 8.3.1 -> 8.3.2
From the release notes:
- CVE-2021-23437: Avoid a potential ReDoS (regular expression denial
of service) in ImageColor’s getrgb() by raising ValueError if the
color specifier is too long. Present since Pillow 5.2.0.
- Fix 6-byte out-of-bounds (OOB) read. The previous bounds check in
FliDecode.c incorrectly calculated the required read buffer size when
copying a chunk, potentially reading six extra bytes off the end of
the allocated buffer from the heap. Present since Pillow 7.1.0. This
bug was found by Google’s OSS-Fuzz CIFuzz runs.
- Pillow now includes binary wheels for Python 3.10.
- Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression
(#5588).
- Updates for ImagePalette channel order (#5599).
- Hide FriBiDi shim symbols to avoid conflict with real FriBiDi
library (#5651).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Diffstat (limited to 'meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb')
0 files changed, 0 insertions, 0 deletions