Public bug reported: Please sync pillow 2.5.1-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped: * SECURITY UPDATE: insecure use of temporary files - debian/patches/CVE-2014-193x.patch: use tempfile.mkstemp() in PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py, PIL/JpegImagePlugin.py. - CVE-2014-1932 - CVE-2014-1933 * No-change rebuild to drop Python 3.3 support. * Merge with Debian; remaining changes: - Provide transitional packages. Fixed in debian, transitional packages shouldn't be needed now Changelog entries since current utopic version 2.3.0-1ubuntu3: pillow (2.5.1-1) unstable; urgency=medium * Pillow 2.5.1 release. -- Matthias Klose <d...@debian.org> Thu, 17 Jul 2014 23:43:18 +0200 pillow (2.4.0-2) unstable; urgency=medium * Require python-tk and python3-tk versions built for Tcl/Tk 8.6. -- Matthias Klose <d...@debian.org> Fri, 13 Jun 2014 13:59:57 +0200 pillow (2.4.0-1) unstable; urgency=medium * New upstream version. - Fix configuration on non-linux platforms. Closes: #745714. - CVE-2014-1932, CVE-2014-1933: Fix insecure use of /tmp. Closes: #737059. * Fix detection of Tk. Closes: #746051. -- Matthias Klose <d...@debian.org> Wed, 16 Apr 2014 00:48:53 +0200 pillow (2.3.0-2) unstable; urgency=medium * Build for python 3.4. -- Matthias Klose <d...@debian.org> Wed, 12 Feb 2014 20:41:50 +0100 ** Affects: pillow (Ubuntu) Importance: Wishlist Status: New ** Changed in: pillow (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1349061 Title: Sync pillow 2.5.1-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1349061/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs