Public bug reported:
Please sync pillow 2.5.1-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: insecure use of temporary files
- debian/patches/CVE-2014-193x.patch: use tempfile.mkstemp() in
PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py,
PIL/JpegImagePlugin.py.
- CVE-2014-1932
- CVE-2014-1933
* No-change rebuild to drop Python 3.3 support.
* Merge with Debian; remaining changes:
- Provide transitional packages.
Fixed in debian, transitional packages shouldn't be needed now
Changelog entries since current utopic version 2.3.0-1ubuntu3:
pillow (2.5.1-1) unstable; urgency=medium
* Pillow 2.5.1 release.
-- Matthias Klose <d...@debian.org> Thu, 17 Jul 2014 23:43:18 +0200
pillow (2.4.0-2) unstable; urgency=medium
* Require python-tk and python3-tk versions built for Tcl/Tk 8.6.
-- Matthias Klose <d...@debian.org> Fri, 13 Jun 2014 13:59:57 +0200
pillow (2.4.0-1) unstable; urgency=medium
* New upstream version.
- Fix configuration on non-linux platforms. Closes: #745714.
- CVE-2014-1932, CVE-2014-1933: Fix insecure use of /tmp. Closes: #737059.
* Fix detection of Tk. Closes: #746051.
-- Matthias Klose <d...@debian.org> Wed, 16 Apr 2014 00:48:53 +0200
pillow (2.3.0-2) unstable; urgency=medium
* Build for python 3.4.
-- Matthias Klose <d...@debian.org> Wed, 12 Feb 2014 20:41:50 +0100
** Affects: pillow (Ubuntu)
Importance: Wishlist
Status: New
** Changed in: pillow (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1349061
Title:
Sync pillow 2.5.1-1 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1349061/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
