package/python-pillow: security bumo to version 10.3.0

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because
strcpy is used instead of strncpy.

Signed-off-by: Angelo Compagnucci <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>

diff --git a/package/python-pillow/python-pillow.hash b/package/python-pillow/python-pillow.hash
index 001fb62676f5acb5fd0f08c854956075728100a7..073b758dfe9b105939fddf6ff7efc60487eaab14 100644 (file)
--- a/package/python-pillow/python-pillow.hash
+++ b/package/python-pillow/python-pillow.hash
@@ -1,6 +1,6 @@
-# md5, sha256 from https://pypi.org/pypi/pillow/json
-md5  13de96f9f98bc1c26439d64576a48ac6  pillow-10.2.0.tar.gz
-sha256  e87f0b2c78157e12d7686b27d63c070fd65d994e8ddae6f328e0dcf4a0cd007e  pillow-10.2.0.tar.gz
+# md5, sha256 https://pypi.org/project/pillow/10.3.0/#copy-hash-modal-125abe0d-59be-40cd-89a3-3e2f78136be0
+md5  6c21a12849ae42f93881f614d8f6f651  pillow-10.3.0.tar.gz
+sha256  9d2455fbf44c914840c793e89aa82d0e1763a14253a000743719ae5946814b2d  pillow-10.3.0.tar.gz
 
 # Locally computed sha256 checksums
 sha256  e706384c6f299d1b6fa782ae657740b372b4bd7938a1a318bf94ac249114758a  LICENSE

diff --git a/package/python-pillow/python-pillow.mk b/package/python-pillow/python-pillow.mk
index 7f5b4dd0f965908d1ec3bb0a1bb5dbafe258a72b..38214376ce0e409b4a079d3b8902965672d00909 100644 (file)
--- a/package/python-pillow/python-pillow.mk
+++ b/package/python-pillow/python-pillow.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-PYTHON_PILLOW_VERSION = 10.2.0
-PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/f8/3e/32cbd0129a28686621434cbf17bb64bf1458bfb838f1f668262fefce145c
+PYTHON_PILLOW_VERSION = 10.3.0
+PYTHON_PILLOW_SITE = https://files.pythonhosted.org/packages/ef/43/c50c17c5f7d438e836c169e343695534c38c77f60e7c90389bd77981bc21
 PYTHON_PILLOW_SOURCE = pillow-$(PYTHON_PILLOW_VERSION).tar.gz
 PYTHON_PILLOW_LICENSE = HPND
 PYTHON_PILLOW_LICENSE_FILES = LICENSE