Re: [meta-python][dunfell][PATCH 1/9] python3-pillow: Upgrade 6.2.1 -> 7.2.0


Khem Raj
 

What changes are there in the new version? Is there anything of concern? Sometimes we may be fine to bump a revision if it only contains smaller fixes.

On Wed, Jun 1, 2022 at 11:30 PM Ranjitsinh Rathod <ranjitsinhrathod1991@...> wrote:
Hi Armin,

I understand that we are not upgrading versions on the LTS branch, but this series of upgrades fixes the CVEs below.
CVE-2019-19911 CVE-2020-10177 CVE-2020-10378 CVE-2020-10379 CVE-2020-10994 CVE-2020-11538 CVE-2020-35653 CVE-2020-35654 CVE-2020-35655 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 CVE-2021-23437 CVE-2021-25287 CVE-2021-25288 CVE-2021-25289 CVE-2021-25290 CVE-2021-25291 CVE-2021-25292 CVE-2021-25293 CVE-2021-27921 CVE-2021-27922 CVE-2021-27923 CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 CVE-2021-28678 CVE-2021-34552 CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 CVE-2022-24303

Solving this many CVEs by applying patches would be really tough, and so would maintaining the patches. What is your opinion here?

Thanks,
Ranjitsinh Rathod


