From 2a2df5288e6b34e45fbe668da7f741b56c64a553 Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Mon, 29 Mar 2021 19:15:51 +0100
Subject: [PATCH 1/2] python3Packages.pillow: 8.1.1 -> 8.1.2
---
 pkgs/development/python-modules/pillow/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix
index 02611c5a925..5fef39ebef0 100644
--- a/pkgs/development/python-modules/pillow/default.nix
+++ b/pkgs/development/python-modules/pillow/default.nix
@@ -5,13 +5,13 @@
 import ./generic.nix (rec {
 pname = "Pillow";
- version = "8.1.1";
+ version = "8.1.2";
 disabled = !isPy3k;
 src = fetchPypi {
 inherit pname version;
- sha256 = "086g7nhv52wclrwnzbzs2x3nvyzs2hfq1bvgivsrp5f7r7wiiz7n";
+ sha256 = "0i7w0fi24za3naz3k3qav6lrhf034nzdy6m9025djlj80476cz5h";
 };
 meta = with lib; {
From ce097085f779e7f7c0c6743409eebd9934bab8c6 Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Wed, 31 Mar 2021 19:01:12 +0100
Subject: [PATCH 2/2] python2Packages.pillow: mark as vulnerable to many CVEs
---
 pkgs/development/python-modules/pillow/6.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/pkgs/development/python-modules/pillow/6.nix b/pkgs/development/python-modules/pillow/6.nix
index 51833edfd0b..61242c894a8 100644
--- a/pkgs/development/python-modules/pillow/6.nix
+++ b/pkgs/development/python-modules/pillow/6.nix
@@ -25,5 +25,23 @@ import ./generic.nix (rec {
 '';
 license = "http://www.pythonware.com/products/pil/license.htm";
 maintainers = with maintainers; [ goibhniu prikhi SuperSandro2000 ];
+ knownVulnerabilities = [
+ "CVE-2020-10177"
+ "CVE-2020-10378"
+ "CVE-2020-10379"
+ "CVE-2020-10994"
+ "CVE-2020-11538"
+ "CVE-2020-35653"
+ "CVE-2020-35654"
+ "CVE-2020-35655"
+ "CVE-2021-25289"
+ "CVE-2021-25290"
+ "CVE-2021-25291"
+ "CVE-2021-25292"
+ "CVE-2021-25293"
+ "CVE-2021-27921"
+ "CVE-2021-27922"
+ "CVE-2021-27923"
+ ];
 };
 } // args )
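Review bot: The `knownVulnerabilities` list added to `meta` in `pillow/6.nix` holds bare CVE identifiers with no indication of why this package stays unfixed. nixpkgs prints these strings in the evaluation error, so they are the only guidance a user has when deciding whether to allow the package through `permittedInsecurePackages`. A leading comment would give maintainers that context, for example `# Pillow 6.x is the last series for Python 2; these fixes are only in later releases` (wording to be confirmed against upstream). It is also worth checking which python2Packages depend on pillow, since they will presumably refuse to evaluate by default as well. The `meta` attribute set opens outside this hunk.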