Closed Bug 1207242 Opened 9 years ago Closed 9 years ago

update pillow to 2.9.0

Categories

(support.mozilla.org :: Code Quality, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: willkg, Assigned: willkg)

We're currently using Pillow 2.4.0. This version is marked insecure. We should upgrade to 2.9.0 which is the latest.

CVEs in the changelogs according to requires.io:


Version 2.5.2

    Fixed CVE-2014-3589, a DOS in the IcnsImagePlugin [Andrew Drake]

Version 2.5.3

    Fixed CVE-2014-3598, a DOS in the Jpeg2KImagePlugin [Andrew Drake]

Version 2.6.2

    Fix CVE-2014-9601, potential PNG decompression DOS #1060 [wiredfool]

Version 2.7.0

    Fix CVE-2014-9601, potential PNG decompression DOS #1060 [wiredfool]

Grabbing this.

In a PR: https://github.com/mozilla/kitsune/pull/2660
Assignee: nobody → willkg
Status: NEW → ASSIGNED

Deployed to prod.

Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED

These bugs are all resolved, so I'm removing the security flag from them.

Group: websites-security