mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 17:59:59 +00:00
Code Issues Projects Releases Wiki Activity

python3-pillow: Fix CVE-2024-28219

Browse Source 
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because
strcpy is used instead of strncpy.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-28219
https://security-tracker.debian.org/tracker/CVE-2024-28219

Upstream patch:
https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Soumya Sambu
2025-11-07 17:04:28 +05:30
committed by Gyorgy Sarvari
parent b0d98aae8c
commit 7c7ab8ad4e
2 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
+1
View File
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https
file://CVE-2023-50447-2.patch \
file://CVE-2023-50447-3.patch \
file://CVE-2023-50447-4.patch \
file://CVE-2024-28219.patch \
"
SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"