Re: [meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0

Ranjitsinh Rathod

Hi Armin,

I understand that we are not upgrading versions on the LTS branch, but this series of upgrades fixing the below CVEs.
CVE-2019-19911 CVE-2020-10177 CVE-2020-10378 CVE-2020-10379 CVE-2020-10994 CVE-2020-11538 CVE-2020-35653 CVE-2020-35654 CVE-2020-35655 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 CVE-2021-23437 CVE-2021-25287 CVE-2021-25288 CVE-2021-25289 CVE-2021-25290 CVE-2021-25291 CVE-2021-25292 CVE-2021-25293 CVE-2021-27921 CVE-2021-27922 CVE-2021-27923 CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 CVE-2021-28678 CVE-2021-34552 CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 CVE-2022-24303

To solve these many CVEs by applying a patch would be really tough and maintaining patches too. What is your opinion here?

Ranjitsinh Rathod

Join to automatically receive all group messages.